Instructor course overview


Fundamentals of cloud computing is a one-day, instructor-led or 
self-paced virtual classroom (SPVC) course designed to teach 
students the basic concepts of cloud computing. 


In this course, students learn the basic concepts and terminology of 
cloud computing. After completing this course, students should be 
able to provide a definition of cloud computing, and describe the 
various service delivery models of a cloud computing architecture. 
Students should also be able to describe the ways in which clouds can 
be deployed as public, private, hybrid, and community clouds. This 
course also provides an introduction to the security challenges that 
cloud deployments experience, and how these are addressed. Lecture 
topics include IBM cloud computing architecture and offerings, as well 
as an overview of the IBM WebSphere CloudBurst appliance and the 
IBM WebSphere Hypervisor edition software product. 


A number of self-running and hands-on demonstrations in simulation 
mode enable students to experience how to sign onto and use 
cloud-based instances. Skills covered by the hands-on 
demonstrations include applying for a contract to use the IBM Smart 
Business Development and Test Cloud. Students learn how to sign 
onto the IBM Smart Business Development and Test Cloud, as well as 
how to create an instance of the cloud and connect to it. Other 
self-running demonstrations focus on getting started on cloud 
computing using the IBM CloudBurst appliance. In the final exercise, 
students complete a crossword puzzle on what they have learned. 


Course strategy 


Teaching strategy 


Each classroom session uses a combination of facilitated lecture, 
discussions, group exercises, and demonstrations to convey the 
material. 


Introduce the material 


Inform the students of the objectives of the unit and topic. Give them a 
brief scenario that helps them understand how the presented material 
assists them in performing their jobs. 


Facilitate the learning experience 


Involve the students in the learning process. Ask them questions and 
present classroom scenarios in which students use the available 
resources to solve situations involving process, procedure, or content
on the job. 


Review the material 


Review objectives at the conclusion of each unit to ensure that the 
students have a thorough understanding of the material. 


Group exercises and labs are used to reinforce knowledge and skills 
that the students have learned in the previous classroom topics. The 
instructor serves as a mentor in checking results, answering 
questions, and providing constructive feedback and evaluation. 


Course evaluation 


Evaluation measures the quality, effectiveness, and impact of the 
course. It enables students to answer the question, “Are the 
requirements and objectives of the course being met?” 


For all classes, students provide feedback on course quality by 
completing an end-of-course questionnaire. 


Measurement plan


There are no formal tests administered in the class.


Course materials


• Student Notebook
• Instructor Guide
• PowerPoint visuals in PDF form to be displayed


Summary of changes in this edition 


This is a new course. 
Course description


Fundamentals of Cloud Computing 
Duration: 1 day 


Purpose 


This one-day, instructor-led course is designed to teach students the 
basic concepts and terminology of cloud computing. 


After establishing the definition of cloud computing, this course 
describes the various service delivery models of a cloud computing 
architecture, and the ways in which clouds can be deployed as public, 
private, hybrid, and community clouds. Students also learn about the 
security challenges that cloud deployments experience, and how 
these are addressed. The course also describes IBM cloud computing 
architecture and offerings, the IBM WebSphere CloudBurst appliance, 
and the IBM WebSphere Hypervisor edition software product. 


A number of self-running and hands-on demonstrations in simulation 
mode enable students to experience how to sign onto and use 
cloud-based instances. The hands-on demonstrations include 
applying for a contract to use the IBM Smart Business Development 
and Test Cloud. Students sign onto the IBM Smart Business 
Development and Test Cloud, create an instance of the cloud, and 
connect to it. Other self-running demonstrations focus on getting 
started with cloud computing using the IBM WebSphere CloudBurst 
appliance. In the final exercise, students complete a crossword puzzle 
on what they have learned. 


Audience 


This introductory course is designed for software architects and 
developers of cloud systems, as well as application and enterprise 
software engineers. It is also appropriate for business professionals 
who would like to gain a comprehensive understanding of cloud 
computing. 


Prerequisites 


Before taking this course, students should be familiar with enterprise 
application architecture, distributed computing paradigms, and 
browser-based access. 
Objectives


After completing this course, you should be able to:
• Define cloud computing
• Identify the key characteristics of cloud computing
• List the benefits of using clouds
• Describe some of the challenges to adopting a cloud architecture
• Describe key cloud computing concepts and terminology
• Describe the service delivery models in cloud computing:
  - Identify the software as a service (SaaS) delivery model
  - Identify the platform as a service (PaaS) delivery model
  - Identify the infrastructure as a service (IaaS) delivery model
• List the various cloud deployment scenarios:
  - Describe the features of private, public, hybrid, and community
    clouds
  - List some additional cloud deployment types
  - Select the most appropriate deployment model based on a set
    of business and technical requirements
• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing
• Identify security options available in cloud computing
• Identify the top security threats to cloud computing
• Describe the architecture of IBM cloud computing and IBM cloud
  computing offerings:
  - Position the various vendors in the service delivery model of
    cloud computing
  - Illustrate an IBM example cloud architectural configuration
  - Describe some of the IBM cloud offerings
• Describe the capabilities of WebSphere CloudBurst and
  WebSphere Hypervisor Edition


Curriculum relationship
• N/A


xiv Fundamentals of Cloud Computing © Copyright IBM Corp. 2010 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 


Agenda 


Day 1 


(00:15) Course introduction 

(00:30) Unit 1. Overview of cloud computing 

(00:45) Unit 2. Cloud computing concepts 

(00:30) Unit 3. Cloud service delivery models 

(00:45) Unit 4. Cloud deployment scenarios 

(00:05) Demonstration 1. Requesting contract forms for the IBM Smart 
Business Development and Test Cloud 

(00:05) Demonstration 2. Reviewing a contract for the IBM Smart 
Business Development and Test Cloud 

(01:00) Unit 5. Security in cloud computing 

(00:45) Unit 6. IBM cloud computing architecture and offerings 
(00:05) Demonstration 3. Instance creation on the IBM Smart 
Business Development and Test Cloud 

(00:05) Demonstration 4. Connecting to an instance on the IBM Smart 
Business Development and Test Cloud 

(00:05) Demonstration 5. Getting a fixed IP address, storage, and keys 
on the IBM Smart Business Development and Test Cloud 

(00:30) Unit 7. IBM WebSphere CloudBurst and IBM WebSphere 
Hypervisor edition 

(00:10) Demonstration 6. Showing WebSphere CloudBurst 

(00:10) Unit 8. Course summary 

(00:10) Final exercise: Cloud computing crossword 
Unit 1. Overview of cloud computing


Estimated time 


00:30 


What this unit is about 


This unit provides you with an introduction to cloud computing. 


What you should be able to do 


After completing this unit, you should be able to: 


Define cloud computing 


Describe the key characteristics of cloud computing 


Describe the benefits of using clouds 


Describe some driving factors towards using cloud computing 


Describe some of the concerns related to cloud computing 


Compare grid computing with cloud computing 


Provide authentic examples of cloud computing 


How you will check your progress 


• Checkpoint


References


http://csrc.nist.gov/groups/SNS/cloud-computing/
WebSphere Education


Unit objectives


After completing this unit, you should be able to:

• Define cloud computing
• Describe the key characteristics of cloud computing
• Describe the benefits of using clouds
• Describe some driving factors towards using cloud computing
• Describe some of the concerns related to cloud computing
• Compare grid computing with cloud computing
• Provide authentic examples of cloud computing


Figure 1-1. Unit objectives WS009 / VS0091.0
Notes:


Instructor notes:

Purpose — List the unit objectives. 
Details — 

Additional information — 


Transition statement — 
What is a cloud?


[Figure: "The Cloud", with regions labeled Hosting, Web hosting, SaaS, PaaS, IaaS, Infrastructure utility, and Web applications]


Figure 1-2. What is a cloud? WS009 / VS0091.0


Notes: 


The term cloud is used as a metaphor for the Internet, based on how the Internet is 
depicted in computer network diagrams and is an abstraction for the complex infrastructure 
it conceals. 


• Hosting refers to fixed, dedicated resources.
• Web hosting refers to hosted and dedicated web applications and web content.
• SaaS are shared applications accessed as a service (more on this in a later unit).
• PaaS refers to platform provided as a service (more on this in a later unit).
• IaaS is infrastructure provided as a service (more on this in a later unit as well).
• Infrastructure utility is industrialized computing resources (or those resources that have
  been commoditized).
• Web applications are provider dedicated web applications and web content.


Instructor notes:
Purpose — 
Details — Cloud represents a commoditization for the delivery of IT supported services. 


There is not one single cloud, but rather the coexistence of multiple types of clouds based 
on different workloads, programming models, and specific application requirements. 


Additional information — 


Transition statement — 




Definition of cloud 


• cloud (noun)
  - A network that delivers requested virtual resources as a service


Figure 1-3. Definition of cloud WS009 / VS0091.0


Notes: 
This slide simply gives the definition of cloud as it relates to cloud computing: 


cloud (noun): a network that delivers requested virtual resources as a service. 
Instructor notes:


Purpose — 
Details — Cloud is a new consumption and delivery model for consumer Internet services. 
Additional information — 


Transition statement — 
Definition of cloud computing


• Cloud computing is a model for enabling convenient, on-demand
  network access to a shared pool of configurable computing resources
  that can be rapidly provisioned and released with minimal management
  effort or service provider interaction
  - From the National Institute of Standards and Technology definition of cloud
    computing V15 at
    http://csrc.nist.gov/groups/SNS/cloud-computing/


Figure 1-4. Definition of cloud computing WS009 / VS0091.0


Notes: 


The definition of cloud computing is taken from the National Institute of Standards and 
Technology definition of cloud computing V15, dated 10-7-2009. 


Cloud computing is a model for enabling convenient, on-demand network access to a 
shared pool of configurable computing resources (for example, networks, servers, storage, 
applications, and services) that can be rapidly provisioned and released with minimal 
management effort or service provider interaction. 


Irving Wladawsky-Berger, consultant and emeritus Vice President IBM technology, 
provides this definition: 


“I view cloud computing as a broad array of web-based services aimed at allowing users to 
obtain a wide range of functional capabilities on a ‘pay-as-you-go’ basis that previously 
required tremendous hardware and software investments and professional skills to acquire. 
Cloud computing is the realization of the earlier ideals of utility computing without the 
technical complexities or complicated deployment worries.” 
Instructor notes:


Purpose — 


Details — Cloud is also a new type of user experience (along the lines of the paradigm 
shift in using Google’s search engine). It means being able to acquire services without 
needing to understand the underlying technology. 


Additional information — 


Transition statement — 
Key characteristics of cloud computing (1 of 2)


• On-demand self-service
  - Focuses on delivering IT services driven by user requests
  - No human interaction with the cloud provider
  - Cloud computing provides a means of delivering computing services that makes
    the underlying technology, beyond the user device, almost invisible
• Ubiquitous network access
  - Focuses on delivering IT services anytime, anywhere, and through user-chosen
    devices
  - Users accessing services via Internet technologies expect a secure, “always-on”
    computing infrastructure that delivers as easily and reliably as electricity from a
    wall outlet


Figure 1-5. Key characteristics of cloud computing (1 of 2) WS009 / VS0091.0


Notes: 


On-demand self-service focuses on delivering IT services driven by user requests. 


Users accessing services via Internet technologies expect a secure, “always-on”
computing infrastructure that delivers as easily and reliably as electricity from a wall outlet,
requiring a fundamental change in how services are delivered.


Instructor notes:


Purpose — 


Details — Cloud enables consumer self-service and new sourcing options for accessing
services. The consumer of a service usually interacts via a portal UI to access on-demand
computing resources.


Additional information — 


Transition statement — 
Key characteristics of cloud computing (2 of 2)


• Pool of virtualized resources
  - Focuses on delivering IT services through resource pools that can expand and
    contract based on the requirements of the underlying workload and the usage
    characteristics
• Utility-based pricing
  - Focuses on delivering IT services that can be metered for usage and charged for
    (if needed) through pricing models including subscription and usage pricing
  - Service level agreements (SLAs)


Figure 1-6. Key characteristics of cloud computing (2 of 2) WS009 / VS0091.0


Notes: 


Another key characteristic is elasticity of resources. IT services are delivered through 
resource pools that can expand and contract based on the requirements of the underlying 
workload and the usage characteristics. 


Flexible pricing models allow for subscription and usage-based pricing. Using the cloud, 
you can rent the hardware and software you need rather than purchasing them outright. 


The quality of service when using clouds is negotiated and measured against service level 
agreements, or SLAs. 
Why use clouds?


• Better capital utilization
  - Pay-as-you-go
  - The unit cost of on-demand capacity may be higher than the unit cost per time
    unit of fixed capacity; offset by no charge when capacity is not being used
• Accelerate software development, deployment, and testing
  - Fast provisioning of resources
• Elasticity of resources
  - Scalable and flexible use of resources
• Access to complex infrastructure and resources without internal
  resources
• Support for geographically distributed users
• New business opportunities


Figure 1-7. Why use clouds? WS009 / VS0091.0


Notes: 


Here you see some of the reasons why you may consider migrating to a cloud computing 
model. 


• Better capital utilization:


In the traditional model you provision for peak loads, or the maximum utilization. With 
cloud computing you are charged on a usage basis. 


Note: The unit cost of on-demand capacity may be higher than the unit cost per time 
unit of fixed capacity. This is offset by not having to pay for the resource when not in 
use. 


If: 
- Unit cost per time unit of fixed capacity = C 
- Utility premium (multiplier for utility) = U 
Then: 


- Unit cost of on-demand capacity = U * C 
• Accelerate software development, deployment, and testing:
  Faster provisioning of resources is a key benefit in using clouds. Instead of taking
  weeks to set up the environment, it can be provisioned in minutes.


• Elasticity of resources:
  With cloud computing you have access to a pool of virtualized resources that can
  expand and contract on demand.


• Access to complex infrastructure and resources without internal resources:
  Provisioning of infrastructure and application services can be outsourced to cloud
  providers.


• Support for geographically distributed users:
  Access to resources in the cloud is based on standard Internet transports and
  protocols.


• New business opportunities:
  There are new business opportunities for providers to host cloud services and vendor
  applications.
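

The utility premium comparison under "Better capital utilization", carried one step further as an added worked example that is not part of the original course notes. It introduces three symbols as assumptions: P is the peak capacity the application needs, A is its average capacity in use, and T is the length of the billing period.

- Cost of fixed capacity sized for peak load = C * P * T
- Cost of on-demand capacity, paid only while in use = U * C * A * T
- On-demand capacity is cheaper when U * C * A * T < C * P * T, that is, when U < P / A

The utility premium is therefore offset whenever U is smaller than the peak-to-average ratio of the workload. With constructed numbers P = 100 servers and A = 25 servers, P / A = 4, so on-demand capacity costs less for any utility premium below 4, even though each unit of it costs more than a unit of fixed capacity.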
Instructor notes:
Purpose — 


Details — Studies have shown that in distributed computing environments, up to 85% of 
computing capacity sits idle. Cloud-based solutions make better use of computing 
resources by making resources available on demand — when they are needed, and only at 
that time. Consumers pay for only what they use. Smart metering and billing tracks actual 
usage according to defined metrics and translates them into either an internal chargeback 
or an invoice for the public cloud customer. 


Additional information — 


Transition statement — 
How clouds are changing industry


An enabler of business transformation

• Creating new business models
• Enabling innovation
• Reengineering of business processes
• Support for new levels of collaboration


Figure 1-8. How clouds are changing industry WS009 / VS0091.0


Notes: 


Clouds are enablers for business transformation by changing industries in the following 
ways: 


• Creating new business models:
  The use of clouds changes how resources are procured, sourced, and delivered.
  Hardware and software can be rented on a pay-per-use basis.


• Enabling innovation:
  Cloud computing uses the power of the Internet and grid computing to move towards a
  virtual enterprise that is not limited by hardware constraints.


• Reengineering of business processes:
  Applications need to be built to be machine independent, container-managed, with
  small memory footprints.


• Support for new levels of collaboration:
  Collaboration using the cloud is not restricted to a single geographical location.
How clouds are changing IT


An evolution of information technology

• Changing the economics of IT
• Automating service delivery
• Exploiting standardization
• Rapidly deploying new capabilities


Figure 1-9. How clouds are changing IT WS009 / VS0091.0


Notes: 
Clouds are enablers for IT transformation by changing IT in the following ways: 


• Changing the economics of IT:
  Cloud computing is driving operational efficiencies in IT through better use of resources.


• Automating service delivery:
  The term self service means that developers and testers can directly procure the
  resources they need to complete their tasks without going through lengthy procurement
  chains. This results in a significantly shortened procurement period, and it means that
  developers and testers can quickly get to the task at hand.


• Exploiting standardization:
  Access to clouds is through standard Internet transports and protocols, providing
  access to a range of user devices.


• Rapidly deploying new capabilities:
  Test and operation teams may have different conventions and configurations from
  development teams, and this can lead to unintended application behavior and delays in
  service delivery. Cloud computing offers a potential solution to this problem by offering
  prebuilt solution stacks. These solution stacks are ready-to-deploy configurations, which
  include the application and entire environment, including the operating system. The
  stack can be captured as an image (for example, OVF image or Amazon Machine
  Image). The image can be transferred between each team along the delivery cycle.
  Administrators can see the exact environment in which the application was designed
  and unit tested, and they can balance needed changes to that environment against a
  known, working solution.
Driving factors towards cloud computing (1 of 2)


• Poorly utilized resources driving up hardware and labor costs
  - Setting up a new environment is expensive; there is an incentive to hold on to
    it “just in case”
  - Each new project requisitions new hardware instead of recycling unused
    hardware; this takes time and money
• Takes too long to create middleware infrastructures
  - Average lead time to get a new application environment is 4-6 weeks
  - Approvals, procurement, shipment, hardware installation, license procurement,
    OS installation, configuration, application installation
• Creating middleware infrastructures is a manual process and error
  prone
  - Minor differences in configurations can introduce errors or bugs that are difficult
    to detect
  - Often only emerge when moving from test to production


Figure 1-10. Driving factors towards cloud computing (1 of 2) WS009 / VS0091.0


Notes: 
These are some of the factors driving the adoption of cloud computing: 
• Poorly utilized resources driving up hardware and labor costs

  Setting up a new environment is expensive; there is an incentive to hold on to it “just
  in case.”

  Each new project requisitions new hardware instead of recycling unused hardware; this
  takes time and money.


• Takes too long to create middleware infrastructures

  The average lead time to get a new application environment is 4-6 weeks.

  Approvals, procurement, shipment, hardware installation, license procurement, OS
  installation, configuration, and application installation need to be considered.


• Creating middleware infrastructures is a manual process and error-prone

  Minor differences in configurations can introduce errors or bugs that are difficult to
  detect. These often only emerge when moving from test to production.
Driving factors towards cloud computing (2 of 2)


• Each application must be sized to support peak load
  - Idle resources during non-peak times
• Inability to use idle resources to handle extra load
  - Quality of service may suffer during periods of exceptional load


[Figure labels: Supply chain, Inventory]


Figure 1-11. Driving factors towards cloud computing (2 of 2) WS009 / VS0091.0


Notes: 


In this example, the supply chain, inventory, and retail applications have been sized to 
support their respective peak loads. This leads to under-utilized hardware and software 
during off-peak periods. 


In addition, quality of service may be degraded during periods of exceptional
load.


It would be better to have a pool of shared resources that can be managed as a single 
logical entity that can be provisioned and deprovisioned on demand. 
Concerns related to cloud computing


• Maturity
  - Is the technology ready for production-level deployment?
• Standards
  - Still being developed
• Security concerns
  - Multiple customers sharing the same resources
• Interoperability
  - Many different vendor APIs
• Control of data
  - Organizational level of comfort with data being outside traditional IT


Figure 1-12. Concerns related to cloud computing WS009 / VS0091.0


Notes: 


The question arises: Is cloud ready for prime-time? Beyond the hype, many vendors are 
investing and competing in this space. Competition among vendors drives innovation in 
cloud computing. 


Open Cloud Manifesto (http://www.opencloudmanifesto.org) is a statement of the
principles for maintaining the openness of cloud computing. It has over 250 organizations
signed on as supporters.


The security concerns of customers sharing the same resources can be mitigated through 
techniques such as encryption. Only making public-domain data available in public clouds 
is another way of tackling this issue. 


Interoperability is the ability to write code that is supported across a number of cloud 
providers, as well as the ability to move to a different cloud provider. 


In the majority of cases, organizations want to be in control of their own data. This 
requirement is addressed through the use of private clouds, which are covered in a later 
unit. 
Instructor notes:
Purpose — 
Details — The key success factors in an infrastructure that is “cloud-ready” are: 
• Open standards based
• Advanced virtualization and automation
• Common processes and components
• Advanced security and resiliency
Additional information — 


Transition statement — 
Other technologies that can be used in cloud computing


• Grid technology
• Service-oriented architectures
• Web 2.0
• Open source software
• Autonomic systems


Figure 1-13. Other technologies that can be used in cloud computing WS009 / VS0091.0


Notes: 


A number of complementary technologies may be used in delivering cloud-based solutions, 
but are not required in every situation. These include: 


• Grid technology
  There are several situations where grid technology and cloud can be used together.
  Grids provide automatically scalable resources that are made available over a network,
  and from this perspective, there is a convergence with clouds.


• Service-oriented architectures
  SOA is an architecture, not a software product. Cloud computing does not require
  a service-oriented architecture, and you can make use of cloud technology without first
  adopting an SOA. However, there are some service models of clouds that can make
  use of web services that have been defined in SOA. Notably, this is the software as a
  service model (SaaS) of cloud computing. The various cloud service models are
  covered in a later unit.


• Web 2.0
  Web 2.0 is based on a collection of architectural styles and technologies. Web 2.0
  introduced a more collaborative approach to the use of web resources. It describes an
  architectural style in which service consumers and service providers interact in a
  RESTful way. REST is the abbreviation for Representational State Transfer.


• Open source software
  Open source software is often used in cloud computing to reduce the rental cost of
  cloud resources.


• Autonomic systems
  Autonomic systems are complex computer environments that manage themselves.
Comparing grid with cloud computing


(Comparison table. Where a row has two entries, the first is for grid and the second is for cloud.)

Architecture: User-specified
Platform awareness: Client software must be grid-enabled | Works in a customized environment provided by the service provider
Scalability: Nodes | Nodes and infrastructure
Standardization: Interoperability and standards | Lack of standards for interoperability


Figure 1-14. Comparing grid with cloud computing WS009 / VS0091.0


Notes: 


The slide provides some of the capability comparisons between grid and cloud computing. 


Grid computing involves applying the resources of many computers in a network, working 
in concert or parallel, to solve a single problem at the same time. Cloud computing provides 
resources for many independent tasks. 
Public


• Amazon Web Services
• Mapquest
• GoGrid
• Rackspace
• Zoho
• VMware
• Salesforce.com
• Google
• Google App Engine
• Windows Azure
• Appexchange
• Facebook


Figure 1-15. Public clouds (commercial) WS009 / VS0091.0


Notes: 


There are generally two types of clouds: public (commercial) and private clouds. Often 
depicted as being available to users from a third-party provider, public clouds are typically 
made available via the Internet and may be free or inexpensive to use. There are many 
examples of these types of clouds, providing services across open, public networks today. 
One example is Amazon Web Services, where IBM has made available new Amazon 
Machine Images (AMIs) for development and test purposes, enabling software developers 
to build preproduction applications based on IBM software within the Amazon Elastic 
Compute Cloud (EC2) environment. 


In later units the different cloud deployment models (public and private clouds) are covered 
in more detail. 
Instructor notes: 


Purpose — 


Details — Public cloud services are characterized as being available to customers from a 
third-party provider. Public implies that the services are accessible to anyone via the 
Internet, but it does not mean that the cloud services are free, although they may be 
inexpensive to use. 


Additional information — 


Transition statement — 


1-34 Fundamentals of Cloud Computing © Copyright IBM Corp. 2010 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 


WebSphere Education 


Unit summary 


Having completed this unit, you should be able to: 

• Define cloud computing 
• Describe the key characteristics of cloud computing 
• Describe the benefits of using clouds 
• Describe some driving factors towards using cloud computing 
• Describe some of the concerns related to cloud computing 
• Compare grid computing with cloud computing 
• Provide authentic examples of cloud computing 


© Copyright IBM Corporation 2010 


Figure 1-16. Unit summary WS009 / VS0091.0 
Notes: 
Instructor notes: 
Purpose — Summarize the learning points in the unit. 


Details — This can either be a repeat of the unit objectives or another form of summary of 
the learning points. 


Additional information — 


Transition statement — 
Checkpoint 

1. True or False: A pay-per-usage solution makes sense if the unit 
cost of cloud services is lower than the equivalent unit cost of 
dedicated owned capacity. 

2. Match the following descriptions with the best definition: 

1) Developers and testers can procure resources on demand 
2) Diverse resource pool can be viewed as a single logical entity 
3) Provides a consistent deployment configuration 

A. Virtualization 
B. Prebuilt solution stack 
C. Self-service 

Figure 1-17. Checkpoint WS009 / VS0091.0 


Notes: 


Write your answers here: 
Instructor notes: 

Purpose — Discuss the checkpoint questions to verify understanding. 
Details — 

Additional information — 


Transition statement — 
Checkpoint answers 

1. True or False: A pay-per-usage solution makes sense if the unit 
cost of cloud services is lower than the equivalent unit cost of 
dedicated owned capacity. 

Correct answer: True 

2. Match the following descriptions with the best definition: 

1) Developers and testers can procure resources on demand: C. Self-service 
2) Diverse resource pool can be viewed as a single logical entity: A. Virtualization 
3) Provides a consistent deployment configuration: B. Prebuilt solution stack 

Figure 1-18. Checkpoint answers WS009 / VS0091.0 


Notes: 
Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 
Unit 2. Cloud computing concepts 


Estimated time 


00:45 


What this unit is about 


This unit covers cloud computing concepts and terminology. 


What you should be able to do 


After completing this unit, you should be able to: 


• Describe how cloud computing leverages the Internet 
• Describe elasticity and scalability 
• Define virtualization 
• List the characteristics of virtualized environments 
• Define hypervisors 
• Compare virtualized and nonvirtualized systems 
• Describe the types of hypervisors 
• Explain provisioning and deprovisioning 
• Describe multitenancy 
• Describe management in cloud computing, including governance, 
  tooling, and automation 


How you will check your progress 


• Checkpoint 

Unit objectives 


After completing this unit, you should be able to: 


Describe how cloud computing leverages the Internet 
Describe elasticity and scalability 

Define virtualization 

List the characteristics of virtualized environments 
Define hypervisors 

Compare virtualized and nonvirtualized systems 
Describe the types of hypervisors 

Explain provisioning and deprovisioning 

Describe multitenancy 


Describe management in cloud computing, including governance, 
tooling, and automation 
Figure 2-1. Unit objectives WS009 / VS0091.0 
Notes: 
Instructor notes: 

Purpose — List the unit objectives. 
Details — 

Additional information — 


Transition statement — 
Topics 

• Concepts of cloud computing 
• Management, tooling, and automation in cloud computing 

Figure 2-2. Topics WS009 / VS0091.0 


Notes: 
Instructor notes: 

Purpose — List the topics in this unit. 
Details — 

Additional information — 


Transition statement — 
2.1. Concepts of cloud computing 


Instructor topic introduction 
Concepts of cloud computing 


Figure 2-3. Concepts of cloud computing WS009 / VS0091.0 
Notes: 
Instructor notes: 

Purpose — Introduce the topic. 
Details — 

Additional information — 


Transition statement — 
Cloud computing leverages the Internet 

• Cloud computing is the next stage of evolution of the Internet. 
• Cloud computing is Internet-based computing, whereby shared 
  resources, software and information are provided to computers 
  (hardware) and other devices on-demand, like the electricity grid. 
• Cloud is a new consumption and delivery model 
  inspired by consumer Internet services 
• Cloud enables: 
  — Self-service 
  — Sourcing options 
  — Economies of scale 

[Figure labels: Computer services; Cloud computing model] 

Figure 2-4. Cloud computing leverages the Internet WS009 / VS0091.0 


Notes: 


Simply put, a cloud is an online environment for access to computer resources, such as: 
• Computing power 
• Storage 
• Management 
• Applications 


The availability of broadband access to the Internet has opened new opportunities for 
delivering services to consumers or clients via the Internet. Benefits from other areas such 
as service-oriented architectures, virtualization of resources, fine-grained metering, and 
flexible billing, have brought about a new business model of cloud computing. Cloud 
computing is a model for enabling convenient, on-demand network access to a shared IT 
infrastructure. A company may outsource its technologies to independent service providers 
(ISP) who host the services and rent them back to the company on a per-usage basis. 
Instructor notes: 


Purpose — 


Details — Cloud computing is an evolving paradigm. It is difficult to isolate a single 
technological trigger for cloud computing. A number of incremental improvements in 
various areas (such as fine-grained metering, flexible billing, virtualization, broadband, 
service-oriented architecture, and service management) have come together recently. 
Combined, they enable new business models that can dramatically affect cost and cash 
flow patterns and are therefore of great interest to the business, especially in a downturn 
economy. 


Additional information — 


Transition statement — 
Positioning cloud to a grid infrastructure 

• Grid computing links disparate computers to form one large (virtual) 
  infrastructure, leveraging unused resources 
• Grid computing is one vehicle that allows the cloud to scale up, or 
  down, to meet the demand 
• Grid sizes vary, from forming a “super virtual computer” composed of 
  many networked loosely coupled computers to form a single task, to a 
  smaller redundant dual computer system 

Figure 2-5. Positioning cloud to a grid infrastructure WS009 / VS0091.0 


Notes: 


For further information refer to the article “Cloud computing versus grid computing” by 
Judith Myerson at: http://www.ibm.com/developerworks/web/library/wa-cloudgrid/ 

Instructor notes: 


Purpose — 


Details — Regardless of the architectural paradigm, grids are scalable, connecting diverse 
computer systems which are virtualized to the user as one system. 


• Star architecture 
• Bus architecture 
• Hub architecture 

Additional information — 


Transition statement — 
Elasticity and scalability 

• Elasticity is the ability to expand or shrink a computing resource in real 
  time, based on the user’s computing requirements 
  — The ability to scale 
  — Sometimes referred to as “right-sizing” 
• Cloud service providers provide services based on usage 
• This usage must meet service level agreements (SLA) while minimizing 
  cost 
• Elasticity and scalability are used to achieve this 
  — Cloud services scale up to meet demand 
  — Cloud services scale down when higher demand is not required 
  — Customers only pay for services used 
• An example of when elasticity is valuable is during load testing 

Figure 2-6. Elasticity and scalability WS009 / VS0091.0 


Notes: 


Customers who retain cloud services from a cloud services provider have processing 
demands, which must be met. These demands are identified in service level agreements. 
The cloud provider cannot predict when customers require peak demands. To meet these 
demands, the cloud infrastructure has the ability to scale upward, stretching like a rubber 
band. When customers use a cloud infrastructure that utilizes more resources, they pay for 
this. However, when the peak load is over, the cloud infrastructure shrinks, or scales down, 
to the required resources. At this point in time, the customer is only paying the reduced 
infrastructure cost. The elastic nature of cloud computing offers customers the resource 
power when required, without forcing them to pay for peak performance infrastructure costs 
the entire time. Instead, they pay only for the resources they use. Elasticity is a major 
benefit to cloud computing. 
Instructor notes: 


Purpose — 


Details — Elasticity is one of the “strongest” words associated with cloud computing 
technology. Understanding this concept and the implementation of it is critical for students 
to have a solid understanding of cloud computing. A good example of cloud computing and 
elastic implementation is Amazon’s EC2. 


Amazon, whom many credit with creating cloud computing, offers Amazon EC2, in which 
the word elastic is in the title: Amazon Elastic Compute Cloud (Amazon EC2). Amazon EC2 
is a web service that provides resizeable compute capacity in the cloud. It is designed to 
make web-scale computing easier for developers. 


Additional information — 


Transition statement — 
[Figure: Scale up on demand; Scale down on demand] 

Figure 2-7. Elastic use of resources WS009 / VS0091.0 


Notes: 


This slide depicts the elastic use of resources in cloud computing. 
Instructor notes: 


Purpose — 


Details — In cloud computing as additional resources are needed, the cloud allocates 
them automatically — nothing is required of the user. The system simply “scales up” to 
meet demand. When the resources are no longer required, the cloud scales down. This is 
an enormous benefit since cloud consumers only pay for the resources when they are 
required. 


Additional information — 


Transition statement — 
Virtualization 

• Virtualization involves a shift in thinking from physical to logical 
  — Treating IT resources as logical resources rather than separate physical 
    resources 
• With virtualization, you can consolidate the following resources into a 
  virtual environment: 
  — Processors 
  — Storage 
  — Networks 
• With virtualization, one physical resource can be made to look like 
  multiple virtual resources 
  — Virtual resources can have functions or features that are not available in their 
    underlying physical resources. 

Figure 2-8. Virtualization WS009 / VS0091.0 

Notes: 

Virtualization improves IT resource utilization by: 

• Treating your company’s physical resources as pools from which virtual resources can 
  be dynamically allocated 

Virtualization involves a shift in thinking from physical to logical: 

• Treating IT resources as logical resources rather than separate physical resources 

With virtualization, you can consolidate the following resources into a virtual environment: 

• Processors 
• Storage 
• Networks 

With virtualization, you can make one physical resource look like multiple virtual resources. 

• Virtual resources can have functions or features that are not available in their 
  underlying physical resources. 
Instructor notes: 


Purpose — 


Details — Virtualization and provisioning (deprovisioning) are very closely related. 
Provisioning will be covered later in the presentation. 


Additional information — 


Transition statement — 
What can be virtualized? 

• Virtualization may refer to: 
  — Hardware 
  — Networks 
  — Storage 
  — Operating systems 
  — Applications 
  — Desktop 
  — Data 
• The main advantage of virtualization in cloud computing is that the 
  software is decoupled from the hardware 
  — Decoupling allows hosting an individual application in an environment that is 
    isolated from the underlying operating system 

Figure 2-9. What can be virtualized? WS009 / VS0091.0 


Notes: 


Decoupling changes the software from being dependent on the underlying hardware to 
being independent of the hardware. 
Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 
Characteristics of virtualization 

• Partitioning 
  — Run multiple applications and operating systems in a single physical machine 
    by partitioning the available resources 
• Isolation 
  — Virtual machines are completely isolated from hosts and other virtual 
    machines 
• Encapsulation 
  — Encapsulate the entire state of a virtual machine in hardware-independent 
    files 

Figure 2-10. Characteristics of virtualization WS009 / VS0091.0 


Notes: 


The characteristics of a virtualized environment can be summed up as being partitioned, 
isolated, and encapsulated. 


Partitioning 

• Run multiple applications and operating systems in a single physical machine by 
  partitioning the available resources. 
• Allocation of resources to virtual machines intelligently based on user needs. 
• Support high availability by clustering virtual machines. 

Isolation 

• Virtual machines are completely isolated from hosts and other virtual machines. 
• Crash of a virtual machine does not affect other virtual machines. 
• Data is not shared between virtual machines. 
• Virtual machines can only communicate through specifically configured network 
  connections. 

Encapsulation 

• Encapsulate the entire state of a virtual machine in hardware-independent files. 
• These files contain the operating system and application files plus the virtual machine 
  configuration. 

Instructor notes: 
Purpose — 


Details — Characteristics of virtualization differ depending on the source. What is offered 
here is one perspective. 


Additional information — 


Transition statement — 


Benefits of virtualization 


• Consolidation to reduce hardware cost 
  — Enables you to have a single server function as multiple virtual servers 
• Optimization of workloads 
  — Can increase the use of existing resources by enabling dynamic sharing of 
    resource pools 
• IT flexibility and responsiveness 
  — Enables you to have a single, consolidated view of, and easy access to, all 
    available resources in the network, regardless of location 

Figure 2-11. Benefits of virtualization WS009 / VS0091.0 


Notes: 
The benefits of virtualization can be summarized as follows: 

Consolidation to reduce hardware cost 

• Enables you to efficiently access and manage resources to reduce operations and 
  systems management costs while maintaining needed capacity 
• Enables you to have a single server function as multiple virtual servers 

Optimization of workloads 

• Enables you to respond dynamically to the application needs of its users 
• Can increase the use of existing resources by enabling dynamic sharing of resource 
  pools 

IT flexibility and responsiveness 

• Enables you to have a single, consolidated view of, and easy access to, all available 
  resources in the network, regardless of location 
• Enables you to reduce the management of your environment by providing emulation for 
  compatibility, improved interoperability, and transparent change windows 

Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 
Virtualization in cloud computing 

[Figure labels: Reduced costs; Energy efficiency; Standardization; Automation; Virtualization] 

...leverages virtualization, standardization and service management 
to free up operational budget for new investment 

[Figure labels: Agility; Business and IT alignment; Service flexibility; Industry standards; Optimized business] 

...allowing you to optimize new investments for 
direct business benefits 

Figure 2-12. Virtualization in cloud computing WS009 / VS0091.0 
Notes: 


An effective cloud computing deployment is built on a dynamic application infrastructure 
and is highly optimized to achieve more results with fewer resources. 
Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 
Hypervisors 

• Virtualization software that allow multiple operating systems to run on 
  the same computer concurrently 
• Use a thin layer of code in software or firmware to achieve fine-grained, 
  dynamic resource sharing 
• Provide the greatest level of flexibility in how virtual resources are 
  defined and managed 
• Primary technology of choice for system virtualization 
• May mediate access to: 
  — Memory 
  — Data storage 
  — Processing capacity 
  — Network connections 
• An example of a hypervisor is VMware ESX 

Figure 2-13. Hypervisors WS009 / VS0091.0 


Notes: 


In the early days of computing, the operating system was called the supervisor. With the 
ability to run operating systems on other operating systems, the term hypervisor resulted. 


Hypervisors are virtualization software that allow multiple operating systems to run on the 
same computer concurrently. 


Hypervisors use a thin layer of code in software or firmware to achieve fine-grained, 
dynamic resource sharing. 


Because hypervisors provide the greatest level of flexibility in how virtual resources are 
defined and managed, they are the primary technology of choice for system virtualization. 


A hypervisor might mediate access to: 
• Memory 
• Data storage 
• Processing capacity 
• Network connections 

An example of a hypervisor is VMware ESX. 

VMware ESX is a “bare-metal” hypervisor architecture, meaning that it installs directly 
on top of the physical server and partitions it into multiple virtual machines that can run 
simultaneously, sharing the physical resources of the underlying server. Each virtual 
machine represents a complete system, with processors, memory, networking, storage and 
BIOS, and can run an unmodified operating system and applications. 

For more information see: 
http://www.vmware.com/products/vsphere/esxi-and-esx/index.html, Sept. 28, 2010 

Instructor notes: 
Purpose — 


Details — A hypervisor, also known as virtual machine monitor (VMM), allows multiple 
operating systems to run concurrently on a host computer, a feature called hardware 
virtualization. It is so named because it is conceptually one level higher than a supervisor. 
The hypervisor presents the guest operating systems a virtual operating platform and 
monitors the execution of the guest operating systems. Multiple instances of a variety of 
operating systems may share the virtualized hardware resources. 


Additional information — 


Transition statement — 
Comparing non-virtualized versus virtualized systems 

[Figure: two stacks side by side. Non-virtualized system: Application A on Operating system A on Server Hardware A; Application B on Operating system B on Server Hardware B. Virtualized system: Application A and Application B, each on its own operating system (A, B) and virtual hardware (A, B), sharing one Server, Hardware C.] 

Figure 2-14. Comparing non-virtualized versus virtualized systems WS009 / VS0091.0 


Notes: 
1. Non-virtualized system: 


Because each system has its own separate hardware, the amount of processing power 
that is available to each application is fixed. 


If application A comes under heavy use, it might run slowly, while application B might be 
idle. Thus, the processing capacity on hardware B might be underused. 


2. Virtualized system: 


By running both applications on the same hardware through a hypervisor, you can 
direct resources to the system that needs them. 


With systems A and B virtualized on the same hardware, the hypervisor can provide 
more processing capacity and memory to the application that is being used more 
heavily. 
Instructor notes: 


Purpose — 


Details — Virtualization helps customers gain control of energy and management costs. 
Normally from a cost perspective, the greater the resource utilization, the greater the 
savings. The more of the workloads that can be virtualized, the greater the cost savings. 


Additional information — 


Transition statement — 
Type 1 hypervisors 

• Type 1 (native or bare metal) hypervisors run directly on the system 
  hardware 

[Figure labels: Application; Operating system; Hypervisor] 

The figure shows one physical system with a type 1 hypervisor 
running directly on the system hardware, and three virtual systems 
using virtual resources provided by the hypervisor. 

Figure 2-15. Type 1 hypervisors WS009 / VS0091.0 


Notes: 

Type 1 (native or bare metal) hypervisors run directly on the system hardware. 

Type 1 hypervisors are typically the preferred approach because they can achieve higher 
virtualization efficiency by dealing directly with the hardware. 

Type 1 hypervisors provide higher performance efficiency, availability, and security than 
type 2 hypervisors. 
Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 


Type 2 hypervisors 


• Type 2 (or hosted) hypervisors run on a host operating system that 
  provides virtualization services, such as I/O device support and 
  memory management 

[Figure labels: Application; Operating system] 

The figure shows one physical system with a type 2 hypervisor running 
on a host operating system and three virtual systems using the virtual 
resources provided by the hypervisor. 

Notes: 


Type 2 (or hosted) hypervisors run on a host operating system that provides virtualization 
services, such as I/O device support and memory management. 


Type 2 hypervisors are used mainly on client systems where efficiency is less critical. 


Type 2 hypervisors are also used mainly on systems where support for a broad range of I/O 
devices is important and can be provided by the host operating system. 
Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 
Provisioning and deprovisioning 

• Provisioning provides resources availability to users and software 
  — A provisioning system controls applications available to users 
  — And controls server resources available to applications 
• Deprovisioning provides resources reduction to users and software, 
  while deallocating back-end resources 
  — Hardware 
  — Software 
• Self-service provisioning allows customers to request the amount of 
  computer services without going through a lengthy process. 
  — Computing 
  — Storage 
  — Software 
  — Process 
  — Other resources 
• Eliminates many time delays 

Notes: 


Mature virtualization technologies enable hosting providers to provision new environments 
for their customers very rapidly, and decommission them immediately when no longer 
required. 
Instructor notes: 


Purpose — 


Details — Provisioning is tightly tied to virtualization in cloud computing. Provisioning software 
can either manually or automatically adjust the virtualized environment. 


Additional information — 


Transition statement — 
Multitenancy 

• Cloud services must enable multitenancy — different companies 
  sharing the same underlying resources 
• Software as a service modes of multitenancy: 
  — Simple multitenancy — each customer has his own resources, which are 
    segregated from other customers 
    — This form of multitenancy is relatively inefficient 
  — Fine grain multitenancy — all resources are shared, but the customer data and 
    access capabilities are segregated within the application 
    — This form of multitenancy is much more efficient, offering superior economies of 
      scale 
• Platform as a service modes of multitenancy: 
  — This delivery model architecture allows multiple customers to run their copy 
    separately from other customers through virtualization 
  — Each customer’s code is isolated from the others 
• The key technical challenge of multitenancy is how to support multiple 
  client organizations from shared instances of the software solution 

Figure 2-18. Multitenancy WS009 / VS0091.0 
Notes: 


Multitenancy is the ability to deliver an application to multiple client organizations from a 
single instance of software. When building software as a service applications, or platforms 
as a service, organizations should design applications with multitenancy in mind to 
minimize the per-tenant cost of delivery. Technical challenges associated with building a 
multitenant application include access control, customization (data, user interface, and 
business logic) and isolation of data. 


Note: The software as a service (SaaS) and platform as a service (PaaS) delivery models 
are covered in a later unit. 
Instructor notes: 


Purpose — 


Details — Multitenancy is another key term used in cloud computing. The diagram on the 
next slide helps students that are visual learners. Multitenancy refers to the situation where 
a single instance of an application runs on a SaaS vendor’s servers, but serves multiple 
client organizations, keeping all of the client data separate. In a multitenant architecture, a 
software application partitions its data and configuration so that each customer has a 
customized virtual application instance. 


Additional information — 


Transition statement — 
Types of tenancy 

[Figure: Simple multitenancy and Fine grained multitenancy, each shown with five clients] 

Figure 2-19. Types of tenancy WS009 / VS0091.0 


Notes: 


Simple multitenancy is also referred to as single-tenancy. Fine grained multitenancy is 
sometimes referred to as multitenancy. 


In the diagram, the simple multitenancy architecture has five customers leveraging a cloud 
which directs each customer to their own database. The fine grained multitenancy has five 
separate customers using a cloud that leverages a single database partitioned into five 
instances. 
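
The two tenancy models in the diagram, as an added Python sketch that is not part of the course material: simple multitenancy gives each customer its own database, while fine grained multitenancy keeps one shared database and relies on the application to segregate data and access. The tenant names, the invoices table, and all class and function names are assumptions made for illustration, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample data: (tenant, invoice reference, amount).
SAMPLE = [("acme", "INV-1", 1200), ("acme", "INV-3", 300), ("globex", "INV-2", 9900)]


class SimpleTenancy:
    """Simple multitenancy: each customer is directed to its own database."""

    def __init__(self):
        self._dbs = {}

    def _db(self, tenant):
        if tenant not in self._dbs:
            db = sqlite3.connect(":memory:")  # separate in-memory database per tenant
            db.execute("CREATE TABLE invoices (ref TEXT PRIMARY KEY, amount INTEGER)")
            self._dbs[tenant] = db
        return self._dbs[tenant]

    def add(self, tenant, ref, amount):
        self._db(tenant).execute("INSERT INTO invoices VALUES (?, ?)", (ref, amount))

    def get(self, tenant, ref):
        row = self._db(tenant).execute(
            "SELECT amount FROM invoices WHERE ref = ?", (ref,)).fetchone()
        return row[0] if row else None

    def database_count(self):
        return len(self._dbs)


class TenantView:
    """All access for one tenant; the tenant is fixed when the view is created."""

    def __init__(self, db, tenant):
        self._db, self._tenant = db, tenant

    def get(self, ref):
        row = self._db.execute(
            "SELECT amount FROM invoices WHERE tenant = ? AND ref = ?",
            (self._tenant, ref)).fetchone()
        return row[0] if row else None

    def total(self):
        return self._db.execute(
            "SELECT COALESCE(SUM(amount), 0) FROM invoices WHERE tenant = ?",
            (self._tenant,)).fetchone()[0]

    def set_amount(self, ref, amount):
        cur = self._db.execute(
            "UPDATE invoices SET amount = ? WHERE tenant = ? AND ref = ?",
            (amount, self._tenant, ref))
        return cur.rowcount  # 0 means the row does not belong to this tenant


class FineGrainedTenancy:
    """Fine grained multitenancy: one shared database, rows tagged by tenant."""

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE invoices (tenant TEXT NOT NULL, ref TEXT NOT NULL,"
            " amount INTEGER, PRIMARY KEY (tenant, ref))")

    def add(self, tenant, ref, amount):
        self._db.execute("INSERT INTO invoices VALUES (?, ?, ?)", (tenant, ref, amount))

    def get_unscoped(self, ref):
        # Shown for contrast: no tenant predicate, so any caller sees any row.
        row = self._db.execute(
            "SELECT amount FROM invoices WHERE ref = ?", (ref,)).fetchone()
        return row[0] if row else None

    def view(self, tenant):
        # Assumption: in a real service the tenant comes from the authenticated
        # session, never from a request parameter the caller controls.
        return TenantView(self._db, tenant)


def demo():
    simple, shared = SimpleTenancy(), FineGrainedTenancy()
    for tenant, ref, amount in SAMPLE:
        simple.add(tenant, ref, amount)
        shared.add(tenant, ref, amount)
    globex = shared.view("globex")
    return {
        "simple_databases": simple.database_count(),
        "simple_cross_read": simple.get("globex", "INV-1"),
        "unscoped_read": shared.get_unscoped("INV-1"),
        "scoped_cross_read": globex.get("INV-1"),
        "scoped_own_read": globex.get("INV-2"),
        "scoped_cross_write": globex.set_amount("INV-1", 0),
        "acme_total": shared.view("acme").total(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the shared model every query path has to carry the tenant predicate; the unscoped lookup shows what a single missed predicate exposes, which is the access control and data isolation challenge named in the multitenancy notes.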
Application programming interfaces (API) 

• Cloud services should have standardized application programming 
  interfaces (API) 
• The interface defines how two or more applications and data sources 
  can communicate with each other 
  — Multiple applications communicating 
  — Multiple data sources communicating 
• The cloud API allows customers’ (companies’) infrastructure or 
  application to plug into the cloud 
• Currently, different cloud vendors are developing different APIs 
• Cloud APIs have not been standardized yet 
  — Beware of vendor API lock-in 
  — API integration may include SOAP and REST APIs 

Figure 2-20. Application programming interfaces (API) WS009 / VS0091.0 


Notes: 


APIs are a collection of programming interfaces that provide access from one computer 
system into another computer system’s software. 


Instructor notes: 


Purpose — 


Details — Different cloud vendors are offering different APIs. The goal of the industry, for 
the customers’ benefit, is to standardize the APIs. This has not been done yet. When 
customers start using a vendor’s nonstandardized APIs, they lock themselves into the 
vendor (unless customers want to spend money on a rewrite of the functionality). 


Additional information — 


Transition statement — 
Billing and metering of services

• To calculate the customer charge, cloud usage is tracked via metered services
  - The billing service is automated
  - Customer should be able to monitor usage
• Billing services normally track:
  - Number of users
  - Capacity used
  - Services leveraged
• Metered services normally provide:
  - A dashboard providing insight into application and services running in the cloud
  - SLA being met in the cloud

Figure 2-21. Billing and metering of services WS009 / VS0091.0


Notes: 
Cloud environments have built-in services that bill customers.
To calculate the customer charge, cloud usage is tracked via metered services.
• The billing service is automated.
• Customers should be able to monitor usage.
Billing services normally track:
• Number of users
• Capacity used
• Services leveraged
Metered services normally provide:
• A dashboard providing insight into application and services running in the cloud
• SLA being met in the cloud

Potential problems may arise if service level agreements (SLA) are not clear up front and
cloud providers add too many incidental charges.
Transition statement —
Economies of scale

• Economies of scale refers to the cost advantages that an IT organization obtains due to expansion
  - The average cost per unit decreases as the scale of output increases
  - Reductions in unit cost as the size of a facility and the usage levels of other inputs increase
  - The more computer resources being used, the cheaper the price per resource
• Cloud computing economies of scale promises to dramatically reduce the cost of computing over time and inevitably lead to greater adoption of the technology

Figure 2-22. Economies of scale WS009 / VS0091.0


Notes: 


Economies of scale refers to the cost advantages that an IT organization obtains due to 
expansion. 


• The average cost per unit decreases as the scale of output increases.
• Reductions in unit cost as the size of a facility and the usage levels of other inputs increase.
• The more computer resources being used, the cheaper the price per resource.


Cloud computing economies of scale promises to dramatically reduce the cost of 
computing over time and inevitably lead to greater adoption of the technology. 


Better communication prices: large data centers are positioned to negotiate better 
prices with communication providers, purchasing a great deal of bandwidth without 
paying such a high rate per gigabyte for a guaranteed service. 


Network virtualization is gained if the network is tailored to support the networking 
hardware. For example, Google designs its own switches. 
Transition statement —
2.2. Management, tooling, and automation in cloud computing

Instructor topic introduction
Management, tooling, and
automation in cloud
Figure 2-23. Management, tooling, and automation in cloud computing WS009 / VS0091.0
Notes:
Instructor notes:

Purpose — Introduce the topic. 
Details — 

Additional information — 


Transition statement — 
Management: Governance

• Governance is the process of applying policies relating to using services
• Governance normally contains the principles and rules by which an organization should act
  - This includes automatic and manual processes, and the procedures for implementing these processes
• Cloud governance is the shared responsibility between the user of the cloud services and the cloud provider
  - Understanding the boundaries of the user and cloud is critical to ensuring success

Figure 2-24. Management: Governance WS009 / VS0091.0


Notes: 


IT governance does the following: 


• Ensures that IT assets are implemented and used in accordance with agreed upon procedures and policies
• Ensures that IT assets are properly maintained and controlled
• Ensures that IT assets are providing the proper value, that is, supporting the organization's strategy and business goals


Cloud governance is the shared responsibility between the user of the cloud services and 
the cloud provider. 


• Understanding the boundaries of the user and cloud is critical to ensuring success.
Governance: Risk list

Considerations when moving into a cloud environment include:

• Audit and compliance risk as to data access control, data jurisdiction, and maintaining an audit trail
• Billing risks: ensuring the cloud provider has a solid process to ensure accurate billing
• Contract risks: what if the cloud provider goes out of business?
• Security risks: data confidentiality, data integrity, and privacy
• Information risks: protection of intellectual property
• Interoperability risks: multiple services must interoperate
• Performance and availability risk: are service levels being met and key performance indicators being maintained?




Figure 2-25. Governance: Risk list WS009 / VS0091.0 
Notes: 
Transition statement —
Management: Desktops in the cloud

• In a virtualized desktop (desktop in the cloud), the applications, data, files, and graphics are separate from the physical desktop and stored in the data center (the cloud)
• The most widely-used approach is virtual desktop infrastructure (VDI):
  - The virtual client is created on the server
  - Users have what appears to be a complete client desktop with access to all applications, data, and files, but they are actually just a virtual session on the server
  - However, the graphics are being sent to the client

Figure 2-26. Management: Desktops in the cloud WS009 / VS0091.0


Notes: 
The four types of client virtualized desktops are:

• Session-based computing: the user is running a session on the server.

• Operating system streaming: the client operating system software is passed to the
  device, but only as much as needed. Some of the processing is occurring on local
  disk and in memory; the application, data, files and graphics are split between the client
  and server, streamed to the client when needed.

• Virtual desktop infrastructure (VDI): the virtual client is created on the server. The
  user has what appears to be a complete client desktop with access to all applications,
  data, and files, but they are actually just a virtual session on the server. However, the
  graphics are being sent to the client. Today, this is the most widely used approach.
  Quite possibly, this class is using this approach with student ESX images. VMware and
  Citrix both provide these capabilities.

• PC blade: A server blade is an entire computer contained on a single blade slotted into
  a blade cabinet. A server blade can contain a number of PC blades. The desktop is a
  thin client used to access the PC blade.
Management: Managing devices in the cloud (1 of 2)

• Managing assets
  - Establish a detailed hardware asset register: a record itemizing all hardware assets
  - Establish a software register: a record itemizing all software assets
  - Control software licenses: track all software licenses
  - Manage device costs: retire unused devices
• Monitoring services
  - Application monitoring
  - Clarify service level agreements
  - Automated client backup
  - Remote management and maintenance
  - Client recovery
  - Failure analysis

Figure 2-27. Management: Managing devices in the cloud (1 of 2) WS009 / VS0091.0


Notes: 


These are the management issues that need to be dealt with when running virtualized 
client desktops in the cloud: 


• Managing assets:
  - Establish a detailed hardware asset register: a record itemizing all hardware assets.
  - Establish a software register: a record itemizing all software assets.
  - Control software licenses: track all software licenses.
  - Manage device costs: retire unused devices.
• Monitoring services
  - Application monitoring: monitor client, network and application to identify poor
    performance, and map costs to actual application usage.
  - Service level maintenance: unclear service level agreements (SLA) are hard to
    monitor.
  - Automated client backup: reduce the risk of data loss and shorten recovery time.
  - Remote management and maintenance: reduce costs by allowing for remote
    management and maintenance, especially on global assets.
  - Client recovery: restore client system and upgrades.
  - Root-cause analysis: gather information on failures, both hardware and software;
    this information may lead to faster recoveries, and reduce the probability of a similar
    future problem.
Management: Managing devices in the cloud (2 of 2)

• Change management
  - Hardware provisioning
  - Software distribution and upgrade
  - Patch management
  - Configuration management
• Security
  - Secure access control
  - Identity management
  - Integrated threat management
  - Automated security policy

Figure 2-28. Management: Managing devices in the cloud (2 of 2) WS009 / VS0091.0


Notes: 


These are further management issues that need to be dealt with when running virtualized 
client desktops in the cloud: 


• Change management:
  - Hardware provisioning: rapid deployment of devices minimizes the time needed to
    support staff changes.
  - Software distribution and upgrade: the ability to distribute software to devices
    throughout the cloud.
  - Patch management: automated patch management reduces the risk associated with
    bug fixes (patches are fixes to bugs).
  - Configuration management: automate the configuration settings in the desktop or
    cloud environment.
• Security:
  - Secure access control: password protection, authentication, and access control.




  - Identity management: global content in all authorized resources in the cloud.
  - Integrated threat management: includes three types of threat management:
    1) Virtual private networks
    2) Intruder-detection systems
    3) White-listing programs that are allowed to run
  - Automated security policy: technology and process can be used to manage some
    aspects of security with policy.
Tooling

• Tooling should aid application development, packaging, and deployment in a way that makes the finished project portable across multiple cloud infrastructures
• Tools can assist with:
  - Allocation of physical resources, internal and external
  - Asset management
  - Resource virtualization
• Tools should guide users through the physical makeup of the cloud based on the expected demand characteristics of the system

Figure 2-29. Tooling WS009 / VS0091.0


Notes: 


Each layer of the cloud environment (infrastructure, platform, and application) contains tools:
• Look for tools that are open, not necessarily tied to the cloud provider.
• If you switch cloud providers, do you need to learn all new tools?
• Open standards may be key to providing more flexibility.

Tooling should aid application development, packaging, and deployment in a way that
makes the finished project portable across multiple cloud infrastructures.

In the infrastructure layer, tools help the cloud provider build out the infrastructure.
Tools can assist with:
• Allocation of physical resources, internal and external
• Asset management
• Resource virtualization

Tools should guide users through the physical makeup of the cloud based on the expected
demand characteristics of the system.
Automation

• Automation is required for:
  - Scale and speed of deployment
  - Dynamics of the environment
  - Cost of deployment
• Automation goes hand-in-hand with virtualization
  - A cloud environment implies dynamic scaling based on demand
  - Implementing a manual process for this is too time consuming
  - Applications are structured in “independent blocks” that can be easily added or removed
  - Implementing virtualization assists with automation
  - Automation realizes the value of virtualization: dynamic scaling
• Service automation used for security:
  - An automated way to analyze and manage security flows and processes in support of security compliance audits
  - Reporting any events which violate security policies or customer licensing issues

Figure 2-30. Automation WS009 / VS0091.0


Notes: 
Security

• Cloud computing presents an added level of risk because essential services are often outsourced to a third party
  - The externalized aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance
• Cloud computing shifts much of the control over data and operations from the client organization to its cloud provider
  - Clients must establish a trust relationship with the providers and understand the risks
  - A trust but verify relationship is critical
• Security areas to focus on include:
  - Recognizing security risks
  - Carrying out required security tasks
  - Managing user identity
  - Using detection and forensics programs
  - Encrypting data
  - Creating a security plan

Figure 2-31. Security WS009 / VS0091.0


Notes: 


Security will be covered in much greater detail in the unit on security. This slide only 
highlights some major areas of focus for security. 
Unit summary

Having completed this unit, you should be able to:

• Describe how cloud computing leverages the Internet
• Describe elasticity and scalability
• Define virtualization
• List the characteristics of virtualized environments
• Define hypervisors
• Compare virtualized and nonvirtualized systems
• Describe the types of hypervisors
• Explain provisioning and deprovisioning
• Describe multitenancy
• Describe management in cloud computing, including governance, tooling, and automation

Figure 2-32. Unit summary WS009 / VS0091.0
Notes:
Purpose — Summarize the learning points in the unit.


Details — This can either be a repeat of the unit objectives or another form of summary of 
the learning points. 


Additional information — 


Transition statement — 
Checkpoint

1. True or False: Cloud computing is a new delivery model inspired by the Internet.
2. True or False: Cloud computing reduces the level of risk for the customer.
3. Match the following description with its correct definition:

   Descriptions:
   - The ability to expand and shrink resources
   - Make one physical resource appear as multiple virtual resources
   - The ability to run an Operating System on another Operating System
   - Provide resource availability to users and software
   - Different companies sharing the same underlying resource
   - Cost advantages that an IT organization obtains due to expansion

   Definitions:
   A. Hypervisor
   B. Economies of scale
   C. Multitenancy
   D. Virtualization
   E. Elasticity
   F. Provisioning

Figure 2-33. Checkpoint WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Checkpoint answers

1. True or False: Cloud computing is a new delivery model inspired by the Internet.
2. True or False: Cloud computing does not normally reduce the level of risk for the
   customer. Cloud computing introduces new security threats as it introduces an
   additional layer of complexity. With additional layers come additional risks.
3. Match the following description with its correct definition:

   - The ability to expand and shrink resources: E. Elasticity
   - Make one physical resource appear as multiple virtual resources: D. Virtualization
   - The ability to run an Operating System on another Operating System: A. Hypervisor
   - Provide resource availability to users and software: F. Provisioning
   - Different companies sharing the same underlying resource: C. Multitenancy
   - Cost advantages that an IT organization obtains due to expansion: B. Economies of scale

Figure 2-34. Checkpoint answers WS009 / VS0091.0
Notes:
Unit 3. Cloud service delivery models


Estimated time 


00:30 


What this unit is about 


This unit covers the delivery models used in cloud computing. 


What you should be able to do 


After completing this unit, you should be able to: 


• Describe the service delivery models of cloud computing
• Explain software as a service (SaaS)
• Explain platform as a service (PaaS)
• Explain infrastructure as a service (IaaS)
• Describe additional cloud services
• Illustrate a reference architecture for the PaaS cloud computing model

How you will check your progress

• Checkpoint

References

http://csrc.nist.gov/groups/SNS/cloud-computing/
Unit objectives

After completing this unit, you should be able to:

• Describe the service delivery models of cloud computing
• Explain software as a service (SaaS)
• Explain platform as a service (PaaS)
• Explain infrastructure as a service (IaaS)
• Describe additional cloud services
• Illustrate a reference architecture for the PaaS cloud computing model

Figure 3-1. Unit objectives WS009 / VS0091.0
Notes:
Transition statement —
Cloud service models

• Software as a service (SaaS)
  - Use of software or applications that are delivered via a network
• Platform as a service (PaaS)
  - The middleware platform and solution stack are accessible on the cloud
• Infrastructure as a service (IaaS)
  - Provision servers, storage, and networking resources
• To be considered a “cloud service model” these models must be deployed on top of an infrastructure that has the key characteristics of clouds

Figure 3-2. Cloud service models WS009 / VS0091.0


Notes: 
Software as a service (SaaS): 


In the software as a service model, the same software or applications are provided to 
different customers, or consumers via a network, usually the Internet. The software no 
longer resides on the consumer’s workstation. Instead, the consumer accesses the 
provider’s applications running on a cloud infrastructure using various client devices 
through a thin-client interface such as a web browser. A good example could be web-based 
email running on a cloud infrastructure. 


Platform as a service (PaaS): 


In this model, the computing platform and solution stack are made available as a service. 
Customers can develop, test, and deploy their applications on the cloud. 


Infrastructure as a service (IaaS):


In the infrastructure as a service model, the consumer can provision fundamental computer 
resources such as processors, storage, and networking resources. 
Middleware is defined as: “Software that acts as an intermediate layer between
applications or between client and server. It is used most often to support complex,
distributed applications in heterogeneous environments.”
Purpose —

Details — If you compare these cloud service models to pre-cloud outsourcing, then these
are the similarities:

• SaaS replaces application service providers or ASPs.
• PaaS replaces web hosting services.
• IaaS is the cloud equivalent of a managed hosting service.

Further details on each of these models follow in the next slides.

Additional information —

Transition statement —
Cloud service model architectures

[Diagram: stacks built on a “Cloud infrastructure” box, grouped as Software as a service (SaaS) architectures, Platform as a service (PaaS) architectures, and Infrastructure as a service (IaaS) architectures]

Figure 3-3. Cloud service model architectures WS009 / VS0091.0


Notes: 

SaaS = application as a service 
PaaS = platform as a service 
IaaS = infrastructure as a service


Notice that each service model builds on the cloud infrastructure, and each service model 
higher up on the slide is more restrictive in the resources it makes available to the client. 


Recall that to be considered a “cloud service model” these models must be deployed on 
top of an infrastructure that has the key characteristics of clouds. This is depicted by the 
box labeled “cloud infrastructure” in the diagram. 


These services model architectures can be used together, in which case, the client has 
access to all resources of the service model stack that have been provided. 


The SaaS model delivers only applications to the user. It may conceivably be used as part
of a PaaS or IaaS architecture, in which case the user has access to the platform and the
infrastructure, respectively.

On its own, the SaaS model is the least flexible: you only get to use the application. If you
add PaaS, you can create, deploy, and test the application, so you have more flexibility in
how the application performs. Finally, adding IaaS gives the ability to add or remove
system resources such as servers, data storage, firewalls, and so forth. Having access to
all three service models gives you the most flexibility for optimizing your environment.
Instructor notes:
Purpose —

Details — One model does not fit all situations. The workload or application likely
determines which of these models you choose.

IaaS gives the ability to rapidly and elastically provision and control resources such as
computing power, memory, and data storage. 


In the PaaS service model customers use tools, programming languages, and platforms to 
develop and deploy applications on a multitenant, shared infrastructure (with or without the 
ability to manage and control the underlying resources). 


In the SaaS model, customers use applications such as email, CRM, or ERP applications. 
Additional information — 


Transition statement — 
Infrastructure as a service (IaaS) architecture

[Diagram: “Cloud infrastructure” stack with an IaaS layer]

• An infrastructure provider (IP) makes an entire computing infrastructure available “as a service”
• IPs manage a large pool of computing resources and use virtualization to assign and dynamically resize the resources required by customers
• Customers rent processing capacity, memory, data storage, and networking resources that are provisioned over a network

Figure 3-4. Infrastructure as a service (IaaS) architecture WS009 / VS0091.0


Notes: 


An infrastructure provider (IP) makes an entire computing infrastructure available “as a 
service”. The IP uses the cloud to outsource the provision of the computing infrastructure 
required to host services. 


Rather than purchasing servers, data storage, and networking equipment, customers rent 
these resources provisioned over a network. 


An IaaS architecture is supported by a combination of some of the special
characteristics of cloud computing. They include dynamic provisioning, fine-grained
measurement and metering, virtualization, broadband access, and flexible billing.
Purpose —

Details —

Additional information — Through the use of virtualization, IPs are able to build the
ad-hoc systems required by their customers. Amazon can be thought of as being the
de facto IaaS provider.


Transition statement — 
Infrastructure as a service (IaaS) details

• IaaS > Infrastructure services

[Diagram: virtualized infrastructure (server, storage, network, facilities); infrastructure for hosting cloud services, dynamic provisioning]

Figure 3-5. Infrastructure as a service (IaaS) details WS009 / VS0091.0


Notes: 


Infrastructure services are built on top of a standardized, secure, and scalable
infrastructure. Some level of redundancy needs to be built into the infrastructure to ensure
the high availability and elasticity of resources.


Next, it must be virtualized. Virtualized environments make use of server virtualization, 
typically from VMware, XEN, and others, as the basis of running services. These services 
need to be readily provisioned and deprovisioned using software automation. 
Purpose —

Details —

Additional information —

Transition statement —
Platform as a service (PaaS) architecture

[Diagram: two “Cloud infrastructure” stacks with IaaS and PaaS layers]

• Service provider (SP) supplies the software platform or middleware where the applications run
• Service user is responsible for the creation, updating, and maintenance of the application
• The sizing of the hardware required for the execution of the software is made in a transparent manner
• Google App Engine is an example of PaaS
• IBM Smart Business Development and Test Cloud is an example of PaaS

Figure 3-6. Platform as a service (PaaS) architecture WS009 / VS0091.0


Notes: 


Under the PaaS model, the service provider (SP) supplies the software platform or 
middleware on which the applications run. The user of the service is responsible for the 
creation, updating, and maintenance of the application. 


Platforms in the cloud are an interesting offering that takes the pain away from having to 
set up and configure the software platform or middleware. 
Instructor notes:

Purpose —

Details — The middle diagram shows how the PaaS architecture can be combined with the
IaaS architecture. In this situation, the service provider (SP) is using the cloud to outsource
the provision of the computing infrastructure required to host the software platform or
middleware. This is transparent to the user of the PaaS architecture.


Additional information — Google App Engine supports two types of runtime 
environments: the Java environment and the Python environment. With App Engine, you 
only pay for what you use. There are no setup costs and no recurring fees. The resources 
your application uses, such as storage and bandwidth, are measured by the gigabyte, and 
billed at competitive rates. 


Transition statement — 
Platform as a service (PaaS) details

• PaaS > Middleware services

[Diagram labels: Web 2.0, Java runtime, process management]




Figure 3-7. Platform as a service (PaaS) details WS009 / VS0091.0 


Notes: 
As with infrastructure services, PaaS should be a self-managed platform. 


A provisioning engine is used to deploy the middleware services, as well as to tear them
down and free resources for reuse.

Platforms may offer additional functions to support developers, such as:
- Development and testing environments
- Support for integrated development environments (IDEs) and runtimes
- Support for advanced workflow software and tools
• Integration services
  - Tools and runtimes that support integration, such as connectors, or an enterprise
    service bus
• Source code management
  - Tools and services that support version control and change management
Purpose —

Details — 

Additional information — 


Transition statement — 
Platform as a service (PaaS) patterns

• Patterns are reusable elements that solve recurring business problems
• Pattern-based middleware is optimized for automatically assembling software components into dynamic middleware services

[Diagram label: Middleware services]

Figure 3-8. Platform as a service (PaaS) patterns WS009 / VS0091.0
Notes: 


A design pattern can be described as “a named description of a proven design solution to a 
recurring problem, within a given context.” 


Pattern-based middleware is a grouping of middleware products and runtimes that can be 
automatically assembled into dynamic middleware services. 
Details —

Additional information —

Transition statement —
Examples of PaaS software
Figure 3-9. Examples of PaaS software WS009 / VS0091.0


Notes: 
IBM delivers many products in the WebSphere brand as PaaS middleware-aware topology 
patterns. 


An example of the use and deployment of these PaaS patterns is provided in the unit on 
IBM WebSphere CloudBurst and IBM WebSphere Hypervisor Edition. 
Details —

Additional information —

Transition statement —
Software as a service (SaaS) architecture

[Diagram: three “Cloud infrastructure” stacks with IaaS, PaaS and SaaS layers]

• Service provider (SP) is responsible for the creation, updating, and maintenance of software and application
• Service user accesses the service through Internet-based interfaces

Figure 3-10. Software as a service (SaaS) architecture WS009 / VS0091.0


Notes: 


Under the SaaS model, the software provider is responsible for the creation, updating, and 
maintenance of software, including the responsibility for licensing the software. Customers 
usually rent the software on a per usage basis, or buy a subscription to access it, which 
includes a separate license for each person that uses the software. 


In this model, the service user only needs to access the service itself, and not the platform 
or the infrastructure the service is running on. The service is usually accessed as a web 
application or as a wrappered web services application invoked using web services APIs. 


3-22 Fundamentals of Cloud Computing © Copyright IBM Corp. 2010 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 


Instructor notes: 


Purpose — 
Details — An example of a vendor that offers SaaS is Salesforce.com.
Additional information — 


Transition statement — 

Software as a service (SaaS) details


• SaaS > Application services


[Diagram labels: Collaboration, Enterprise applications, Business processes, Industry applications, Analytics]


Figure 3-11. Software as a service (SaaS) details

Notes: 


With SaaS, users can access function-rich, prebuilt applications designed specifically 
around their service. 

Purpose —


Details — Examples of enterprise applications include CRM, human resources, payroll, 
and so forth. 


Additional information — 


Transition statement — 

Figure 3-12. Examples of SaaS applications


Notes: 


An example of software as a service cloud application for collaboration is IBM LotusLive; 
an example for analytics is the Cognos Business Intelligence reporting and analytic 
software. 


Further information on these SaaS applications is provided in the unit on IBM cloud 
computing architecture and offerings. 

Details —

Additional information — 

Trade-off in cost to install versus flexibility

[Diagram labels: Cost, IaaS, Middleware-aware topology patterns]

Figure 3-13. Trade-off in cost to install versus flexibility
Notes: 


This diagram shows the trade-off between cost and savings in using standardized services 
(on the lower right) and the higher cost (although greater flexibility) of building your own 
custom environment (upper left of the diagram). 

Purpose —


Details — This diagram shows the trade-off between the ease of deployment on the one 
hand and the difficulty of installing and configuring the software on the other hand. This is 
shown by the vertical column labeled “Cost”, which indicates both a monetary cost and the 
effort required to install the software. 


Looking at the horizontal column, you notice that it goes from higher flexibility on the left to 
lower flexibility on the right. 


Installing and configuring the software yourself gives you the highest level of control on 
what you want to do with the software. This is shown by the point on the graph labeled 
“Native install”. 


As you move down the graph, the next point is “Server virtualization” or IaaS. Here you are
using virtual machines. You lose some flexibility by not having direct access to operating 
system functions. In the PaaS area of the graph, you begin using standardized middleware 
environments and application patterns. These provide you with middleware that has been 
preconfigured using some standard patterns, such as a single application server pattern, or 
a clustered pattern supporting high availability. Certain predefined application patterns, 
such as web to server to database application patterns, are also provided. 


Right at the bottom of the graph are the predefined and preinstalled SaaS applications. 
Here you get only the narrowly defined application, with no possibility of customization. 
This is the lowest level of flexibility; at the same time, it offers an “off-the-shelf” low cost 
solution. 


Additional information — 


Transition statement — 

Other cloud service models


• Data as a service


— Google Public Data Explorer lets you create your own visuals from Google App
data


— Assumes some public data already exists in the Cloud

• Testing as a service


— Within IBM, the Integrated Test Enablement (ITE) cloud has been created to
provide a common automation and test strategy for developers across the
various IBM product brands


— Used to create reusable test assets

• Integration as a service

— Cast Iron (now part of IBM)

— Boomi

Figure 3-14. Other cloud service models


Notes: 


A number of other service candidates have been identified by market trends. These include
such models as data as a service, testing as a service, and integration as a service.


Data as a service:
Google Public Data Explorer lets you create your own visuals from Google App data.
Assumes some public data already exists in the cloud.

Testing as a service: 


Within IBM, the Integrated Test Enablement (ITE) cloud has been created to provide a 
common automation and test strategy for developers across the various IBM product 
brands. 


However, for the most part, these models could just as well fall into the SaaS or PaaS 
models. 


In fact, the ITE cloud positions itself as a PaaS. 


Cast Iron positions itself as a leading integrator of SaaS applications. 

Boomi’s Atmosphere product is marketed as connecting any combination of SaaS.

Purpose —

Details — 

Additional information — 


Transition statement — 

Common cloud management platform reference architecture:
Architecture overview diagram

Figure 3-15. Common cloud management platform reference architecture: Architecture overview diagram
Notes: 


This slide shows the common cloud management architecture in the context of the PaaS 
service delivery model. 


The business support system (BSS) enables capabilities such as subscription services for 
a pay-per-usage model. 


The OSS layer is responsible for making resources available on demand, and for the 
security of the environment. 


The cloud service provider makes cloud services available through its application 
programming interfaces (APIs) to the cloud service consumer. 


To instantiate a new cloud instance, the service consumer sends a request to the cloud 
provider. The request is delegated to the operational support system or OSS that initiates 
and manages cloud service instances. Once a new instance of the cloud has been created 
and the response has been sent to the user 

Purpose —


Details — IBM’s approach to cloud computing is that a trusted foundation is needed to 
build the most secure, efficient, and resilient platform for cloud services. IBM is working to 
create standards-based interfaces between the cloud services and the underlying 
infrastructure. 


Additional information — 


Transition statement — 

Figure 3-16. Common cloud management platform


Notes: 


The cloud management platform enables you to manage, deploy, and automate business
applications on the cloud. The operational support services manage the creation of cloud
service instances. The business support services manage the business aspects of cloud
service instances, including things like measuring and metering, reporting, and analytics.


Depending on the environment, the user interface to the cloud management platform can 
be anything from a comprehensive portal interface, to a simple API. These programming 
interfaces manage the virtual machine images and the virtualized infrastructure. 

Purpose —


Details — Business support services APIs support metering, billing, and pricing aspects. 
Operational support services APIs support the creation and deletion of images, as well as 
the control of nodes, the starting and stopping of images, managing load balancers, 
firewalls, and so forth. 


Additional information — 


Transition statement — 

Unit summary


Having completed this unit, you should be able to:

• Describe the service delivery models of cloud computing

• Explain software as a service (SaaS)

• Explain platform as a service (PaaS)

• Explain infrastructure as a service (IaaS)

• Describe additional cloud services

• Illustrate a reference architecture for the PaaS cloud computing model

Figure 3-17. Unit summary
Notes: 

Details — This can either be a repeat of the unit objectives or another form of summary of
the learning points. 


Additional information — 


Transition statement — 

Checkpoint


1. True or false: A design pattern can be described as “a named 
description of a proven design problem to a recurring solution, within a 
given context”. 


2. True or false: Using a prebuilt SaaS component gives you the most 
flexibility in tailoring the software. 


3. Match the following descriptions with the best definition:


1) Service provider supplies the software or middleware where the applications run on

2) An entire computing environment is made available as a service

3) Service provider is responsible for the creation and maintenance of the application


A. Platform as a service

B. Software as a service

C. Infrastructure as a service

Figure 3-18. Checkpoint (objective only)


Notes: 


Write your answers here: 
1. 

Purpose — Discuss the checkpoint questions to verify understanding.
Details — 

Additional information — 


Transition statement — 

Checkpoint answers


1. True or false: A design pattern can be described as “a named description of a 
proven design problem to a recurring solution, within a given context”. 
Correct answer: False. 
A design pattern can be described as: “A named description of a proven design 
solution to a recurring problem, within a given context” 


2. True or false: Using a prebuilt SaaS component gives you the most flexibility in 
tailoring the software. 
Correct answer: False. 


3. Match the following descriptions with the best definition:


1) Service provider supplies the software or middleware where the applications run on
   A. Platform as a service

2) An entire computing environment is made available as a service
   C. Infrastructure as a service

3) Service provider is responsible for the creation and maintenance of the application
   B. Software as a service

Figure 3-19. Checkpoint answers
Notes: 

Unit 4. Cloud deployment scenarios


Estimated time 


00:45 


What this unit is about 


This unit describes the various cloud deployment models. These 
include the private, public, community and hybrid cloud models. 


What you should be able to do 


After completing this unit, you should be able to: 
• List the four major cloud deployment types


• Describe the features of private, public, hybrid, and community
clouds


• List some additional cloud deployment types


• Select the most appropriate deployment model based on a set of
business and technical requirements


How you will check your progress


• Checkpoint


References


http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

Unit objectives


After completing this unit, you should be able to:

• List the four major cloud deployment types

• Describe the features of private, public, hybrid, and community clouds

• List some additional cloud deployment types

• Select the most appropriate deployment model based on a set of
business and technical requirements

Figure 4-1. Unit objectives
Notes:

Purpose — List the unit objectives.
Details — 

Additional information — 


Transition statement — 

Cloud deployment models


The National Institute of Standards and Technology (NIST) defines four
cloud deployment types:
• Public cloud
— Service provider lets clients access the cloud via the Internet
— Made available to the general public or a wide industry group
• Private cloud
— The cloud infrastructure is used solely by the organization that owns it
— May reside in-house or off premises
• Hybrid cloud
— Composed of two or more clouds (private, public, or community) that remain
unique entities, but that can interoperate using standard or proprietary protocols
• Community cloud
— Shared by several organizations that have a common mission

Figure 4-2. Cloud deployment models


Notes: 


The National Institute of Standards and Technology (NIST) defines four cloud deployment 
types: public, private, hybrid, and community clouds. 


Public cloud:
• Service provider lets clients access the cloud via the Internet
• Made available to the general public or a wide industry group

Private cloud:
• The cloud infrastructure is used solely by the organization that owns it
• May reside in-house or off premises

Hybrid cloud:
• Composed of two or more clouds (private, public, or community) that remain unique
entities, but that can interoperate using standard or proprietary protocols

Community cloud:
• Shared by several organizations that have a common mission


Public clouds


Multitenant infrastructure
• Anyone may use

• Functions vary

• Fee arrangements vary

Figure 4-3. Public clouds


Notes: 


A public cloud is one in which a third-party provider makes resources, such as applications
and other computing resources, available to the general public via the Internet. A public cloud does
not necessarily mean that it is free, although it can be free or inexpensive to use. It may be 
offered on a pay-per-usage model. 


The cloud service provider is responsible for setting up the hardware, software, 
applications, and networking resources. 


Public clouds do not imply that the user’s data is public. In many cases, access control 
mechanisms are required before the user can make use of cloud resources. 

Purpose —


Details — The advantage of public clouds is that they allow you to build on-demand virtual 
systems on almost any scale with minimal in-house hardware. 


Additional information — 


Transition statement — 

Private clouds


• Secure, dedicated infrastructure
• User buys or leases the cloud

Figure 4-4. Private clouds


Notes: 


With a private cloud, computing resources are pooled and managed internally. This 
provides for greater efficiencies. Resources can be applied dynamically according to 
demand. A private cloud allows the enterprise to continue to follow workflow and security 
procedures. This ensures that the correct level of “code” is executing. These types of 
clouds are not burdened by network bandwidth and availability issues or potential security 
exposures that may be associated with public clouds. Private clouds can offer the provider 
and user greater control, security, and resilience. 


The IBM Smart Business Development and Test Cloud is an example of a private cloud 
that can be installed on customer sites to provide on-demand provisioning of physical and 
virtualized test resources — including IBM and non-IBM components such as operating 
systems, middleware, storage, network, images, and data. 


For details of this offering, visit: www.ibm.com/cloud

Details — A private cloud is a cloud architecture that is protected by a firewall. This can be
referred to as “cloud computing at home” instead of using an Internet-based service. 
Private clouds appear to be catching on for a number of reasons. Virtualization technology 
is driving better hardware utilization, easy scalability, and flexible resource management. 
Metering and chargeback allow IT to charge for the resources that are used. 


Additional information — 


Transition statement — 

Figure 4-5. Hybrid clouds


Notes: 


Hybrid clouds are combinations of public and private clouds that work together. 


In this model, IT typically outsources noncritical information and processing to the public 
cloud, while keeping business critical services and data in their control. 


The hybrid cloud environment works to seamlessly integrate external applications on other 
private and public clouds, with your in-house processes. 

Purpose —


Details — In this model, the cloud user makes use of both in-house and external cloud 
services, either on a continual basis or in the form of a “cloudburst”. A spillover cloud refers 
to a hybrid cloud that is paired with an organization’s private cloud and is capable of 
automatically handling the load from the organization’s private cloud should that cloud 
reach its capacity. 


Additional information — 


Transition statement — 

Community clouds


• Used and controlled by a group of organizations
with a shared interest


• Private cloud purchased by a single user to
support a community of users


• Fees may be charged to subsidiaries
• Functions vary
• Common functions

Figure 4-6. Community clouds
Notes: 


A community cloud can be a private cloud purchased by a single user to support a 
community of users, or a hybrid cloud with the costs spread over a few users of the cloud. 


A community cloud is often set up as a sandbox environment where community users can 
test their applications, or access cloud resources. 

Figure 4-7. Virtual private clouds


Notes: 
A virtual private cloud (VPC) is dedicated to a single user within a public cloud. 


The virtual private cloud extends the customer network into the cloud provider’s “space”, 
making the additional resources available on demand. 


In this example, the customer can access a number of isolated subnets, or private IP 
address ranges, in the Amazon Web Services cloud. Traffic flowing between the VPC and 
the Internet is routed over the VPN connection so that it can be examined using the 
customer’s existing security and networking assets before heading to the public Internet. 
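
The routing rule in the notes above can be checked mechanically. The following is an added example, not part of the course material: it audits simplified route tables to confirm that every route leaving the VPC address range points at the VPN connection. The data layout, the target labels, and the function names are assumptions made for this example, and the sample data is constructed.

```python
import ipaddress

# Constructed sample data (not from the course): simplified route tables for
# three subnets of a VPC whose address range is 10.0.0.0/16. The target labels
# "local", "vpn-gateway" and "internet-gateway" are chosen for this example.
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "subnet-app": [
        {"destination": "10.0.0.0/16", "target": "local"},
        {"destination": "0.0.0.0/0", "target": "vpn-gateway"},
    ],
    "subnet-db": [
        # No route out of the VPC at all: fully isolated subnet.
        {"destination": "10.0.0.0/16", "target": "local"},
    ],
    "subnet-web": [
        {"destination": "10.0.0.0/16", "target": "local"},
        # Misconfiguration: default route bypasses the customer's inspection point.
        {"destination": "0.0.0.0/0", "target": "internet-gateway"},
        {"destination": "192.0.2.0/24", "target": "vpn-gateway"},
    ],
}


def egress_target(routes, dest_ip):
    """Longest-prefix match: target of the most specific route covering dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["destination"])
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route["target"])
    return best[1] if best else None


def audit_vpc(route_tables, vpc_cidr, inspected_target="vpn-gateway"):
    """Map each subnet to the routes that send non-VPC traffic anywhere but the VPN."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = {}
    for subnet, routes in route_tables.items():
        bad = []
        for route in routes:
            net = ipaddress.ip_network(route["destination"])
            internal = net.version == vpc.version and net.subnet_of(vpc)
            if not internal and route["target"] != inspected_target:
                bad.append(f'{route["destination"]} -> {route["target"]}')
        if bad:
            findings[subnet] = bad
    return findings


if __name__ == "__main__":
    for name, table in ROUTE_TABLES.items():
        # 198.51.100.7 is a documentation address standing in for an Internet host.
        print(name, "reaches the Internet via:", egress_target(table, "198.51.100.7"))
    print("Findings:", audit_vpc(ROUTE_TABLES, VPC_CIDR))
```

A subnet with no external route at all, like `subnet-db` here, passes the audit because nothing can leave it without inspection.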

Purpose —


Details — VPCs are hybrid clouds where the services are delivered by a third party. 
However, access to the VPC is restricted to the target customer (via a VPN). 


Additional information — 


Transition statement — 

Vertical and special purpose clouds


• Vertical clouds
— Clouds for particular industries
— May contain information, applications,
services for that industry


• Horizontal clouds
— Clouds for a purpose
— Examples: development,
test, collaboration, budgeting


• Regional clouds
— Localized
— Compliant to government regulations

Figure 4-8. Vertical and special purpose clouds


Notes: 


This diagram shows some of the other cloud deployment types that may appear in cloud 
terminology. 


These cloud types may be considered subtypes of community clouds. 

Transition statement —




Migration paths for cloud adoption 


• Use public clouds
— Smaller organizations can use resources provided by larger cloud service
providers


• Develop private clouds
— Build or procure private clouds
— Metering and chargeback


• Build or procure community clouds
— For organizations that share common goals
— Shared infrastructure or sandbox environment


• Use hybrid clouds
— Balance workloads between clouds

Figure 4-9. Migration paths for cloud adoption


Notes: 
There is no single correct answer on how to get started using clouds. 


One suggestion is to sign up to use a public cloud such as the IBM Smart Business 
Development and Test Cloud or Amazon Elastic Compute Cloud (EC2). Once signed up, 
you have access to a predefined set of cloud resources. You can launch a cloud instance, 
connect to an instance, and terminate an instance. 


Smaller enterprises may use SaaS and public clouds to limit the growth of their data 
centers. 


A second approach is to build or procure your own private cloud. IBM provides a service to 
build a custom version of the Smart Business Development and Test cloud, and will install it 
at the customer’s site. 


When developing private clouds, you should also consider the metering of resources so 
that you can determine the costs of doing business in the cloud. 


Larger organizations may use a hybrid cloud infrastructure to balance workloads across 
internal and public clouds. 

Selection criteria for cloud deployment types (1 of 4)


• Private clouds
— Provides a dedicated and secure infrastructure
— Limited by the organization’s physical hardware and other resources
— Can be run off premises by a third-party infrastructure provider
— Does not require federated identity, location awareness, common APIs


[Diagram labels: Firewall, Private cloud]

Figure 4-10. Selection criteria for cloud deployment types (1 of 4)


Notes: 


Security issues may drive how organizations deploy cloud infrastructures. Private clouds 
have less of a security threat than community clouds, which in turn have less security 
threat than public clouds. 


With private clouds, the owner has complete control of the security mechanism and 
architecture. With other types of clouds, the organization may have to interface with other 
security implementations. 


With a private cloud, computing power is spread across the enterprise. Departments are 
not limited to simply their own departmental resources, and they can utilize other 
departments’ resources during periods of peak loads. 


Applications running on a private cloud are generally not required to deal with federated 
identity, location awareness, standards-based APIs, or common APIs for middleware. 


Note that running a private cloud still requires all of the governance and management that 
apply to IT. Requirements include an open client, security, metering and monitoring, and 
service level agreements. 

Purpose —


Details — How does one choose the right cloud deployment for the organization? Running 
a private cloud still means adhering to many of the existing IT procedures, including 
security, life cycle management, and service level agreements. It may add the 
requirements of an open client, additional metering and monitoring, and a common virtual 
machine format. Keeping the cloud inside the enterprise removes some requirements such 
as federated identity management, location awareness, and the need for standard or 
common APIs. 


Additional information — 


Transition statement — 

Selection criteria for cloud deployment types (2 of 4)


• Public clouds
— Low cost data storage and disaster recovery solution
— Expertise is provided
— Easy access to public domain applications and storage such as Google Apps,
Google Docs, and Gmail
— Issues switching cloud providers


[Diagram labels: Enterprise, Open client, IaaS, VPC solution, SaaS, Public cloud]

Figure 4-11. Selection criteria for cloud deployment types (2 of 4)


Notes: 


Strong security controls are required for most cloud deployments. The organization hosting 
the public cloud is likely to perform all of the required due diligence to ensure the security of 
the user’s data. 


Using a public cloud as a data storage or disaster recovery solution may be a low-cost
alternative to building your own. The cloud solution is offered on a pay-per-usage basis, and the
capital cost required to set up an in-house solution may be much higher. In this way, you
are turning fixed costs into variable costs.


Google allows Google Apps users to upload and store files in Google Docs. This is a cheap 
way for developers and users to use a cloud-based storage service to store and access 
their files. Users can access their data with a browser using any device. Access to the data 
is secured via password protection. 

Selection criteria for cloud deployment types (3 of 4)


• Community clouds
— Shared infrastructure or hosted by a third-party
— Shared costs
— Shared mission, policy and compliance
— Requires commitment from all parties

Figure 4-12. Selection criteria for cloud deployment types (3 of 4)


Notes: 


This type of cloud infrastructure can be shared by several organizations that support a
specific community, such as health care or local governments. The benefit of this approach 
is the ability to easily share a vast array of resources among the participating community. 
Building this type of infrastructure requires a huge investment in terms of expertise, 
computing resources, and support. 


Some of the challenges include deciding who funds the capital costs to build the 
infrastructure, who is responsible for managing and maintaining the cloud, and legal 
compliance issues. 

Purpose —
Details — 


Additional information — Examples of where community clouds may be deployed are in 
areas of research and development, health care, and academic institutions. 


Transition statement — 

Selection criteria for cloud deployment types (4 of 4)


• Hybrid clouds
— Using services of vendors on private clouds costs money
— Consider moving some systems to an off-premises data center with applications
offered back as a service
— Heightened security concerns


[Diagram labels: Public cloud, Private cloud]


Figure 4-13. Selection criteria for cloud deployment types (4 of 4)


Notes: 


Instead of hosting all of your applications on your own private cloud, you can move some 
noncritical applications to an off-premises cloud hosted by a third-party provider that offers 
these back as a service. Or you can use alternative applications that are freely available in 
public clouds. 

A single vendor hybrid cloud solution such as VMware vCloud lets you federate resources 
between internal and external clouds. This is advantageous since you do not need to 
interface with different vendor APIs. 

Details — Some local government organizations have migrated from using desktop-based
word processing and email applications to a Google Apps deployment running in the cloud. 
Other enterprises have replaced some of their custom CRM applications with cloud-based 
alternatives offered by Salesforce.com. 


Additional information — 


Transition statement — 

Case study example: IBM ITE cloud (1 of 3)


• Integrated Test Enablement (ITE) cloud
— IBM Software Group internal roll out of cloud technology, automation, and tooling
for developers across the various brands in the organization
• Mission:
— Define common processes for accessing resources and capacity
— Leverage cloud-based resources for high-volume testing
— Deploy a common automation strategy to produce reusable test assets
— Utilize IBM Rational and Tivoli brand products as the common tooling
infrastructure
— Host common test services to drive cost and infrastructure efficiencies
— Deploy test configurations within hours or minutes instead of days

Figure 4-14. Case study example: IBM ITE cloud (1 of 3)


Notes: 


The Integrated Test Enablement (ITE) cloud is an internal IBM Software Group initiative to 
provide cloud-based access to automation and test facilities for their software developers. 

Case study example: IBM ITE cloud (2 of 3)


The situation prior to using the ITE cloud:


• Without ITE
— Each team must reserve hardware for testing infrastructure
— Each team incurs the direct cost to install and configure the infrastructure


[Diagram labels: Test Lab 1, Test Lab 2, Tester 1, Tester 2]

Figure 4-15. Case study example: IBM ITE cloud (2 of 3)


Notes: 


Prior to using the ITE cloud-based solution, the teams for each brand within the IBM 
Software Group needed to provision their own hardware and network infrastructure. After 
these resources had been acquired and installed, each team had to install, configure, and 
deploy the software necessary to run their regression tests. 


The time and costs spent on procuring, configuring, and replicating the environment are 
replicated for each test lab environment. There is no sharing of resources, and so each 
team must create an environment that meets the peak loads for their test cases. 

Case study example: IBM ITE cloud (3 of 3)


• With the Integrated Test Enablement (ITE) cloud


[Diagram labels: Test Lab 1, Test Lab 2, ITE cloud]

Figure 4-16. Case study example: IBM ITE cloud (3 of 3)


Notes: 


The diagram shows the ITE solution private cloud delivered as a platform as a service 
(PaaS) model. 


Each team requests an instance of the test tooling infrastructure that is provisioned for 
them from the ITE cloud. 


Each instance includes script and automation libraries to install the required testing 
software and test cases. 


The ITE cloud lets each team access all resources that they need from a pool of virtualized 
resources. These resources can be provisioned and deprovisioned dynamically, allowing 
for the elastic use of resources across the testing teams. 
Details — The ITE cloud provisions complete test environments with the required Rational,
Tivoli, and other test products in a virtualized environment that can easily be scaled for 
high-volume testing. 


Additional information — 


Transition statement — 
Unit summary

Having completed this unit, you should be able to:

• List the four major cloud deployment types
• Describe the features of private, public, hybrid, and community clouds
• List some additional cloud deployment types
• Select the most appropriate deployment model based on a set of business and technical requirements

Figure 4-17. Unit summary WS009 / VS0091.0


Notes: 
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the learning points. 
Checkpoint

1. Select the correct answer:
A private cloud deployment has the following characteristic or characteristics:
A. Heightened security requirements
B. Is surrounded by a firewall
C. Is run on the enterprise premises
D. All of the above

2. Select the correct answer:
Which of these is least likely to be an issue in private cloud deployments?
A. Monitoring and measurement
B. Security
C. Governance
D. Federated identity

Figure 4-18. Checkpoint (objective only) WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Checkpoint answers

1. Select the correct answer:
A private cloud deployment has the following characteristic or characteristics:
A. Heightened security requirements
B. Is surrounded by a firewall
C. Is run on the enterprise premises
D. All of the above
Answer: B

2. Select the correct answer:
Which of these is least likely to be an issue in private cloud deployments?
A. Monitoring and measurement
B. Security
C. Governance
D. Federated identity
Answer: D

© Copyright IBM Corporation 2010
Figure 4-19. Checkpoint answers WS009 / VS0091.0
Notes: 
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Details — This slide provides an introduction to an exercise (Such as a hands-on lab 
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Additional information — 


Transition statement — 
Demonstration objectives

After completing these demonstrations, you should be able to:
• Request a contract for the IBM Smart Business Development and Test Cloud

Figure 4-21. Demonstration objectives WS009 / VS0091.0


Notes: 
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Demonstration 
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Figure 4-22. Demonstration WS009 / VS0091.0 
Notes: 
Demonstration objectives

After completing these demonstrations, you should be able to:
• Review a contract for the IBM Smart Business Development and Test Cloud

Figure 4-23. Demonstration objectives


Notes: 
Demonstration instructions (optional)

1. Extract Cloud_demos.zip to your hard drive, ensuring that you select Use folder names when extracting the file

2. Navigate to \Cloud_demos; then double-click simulations.html to start the demonstrations

3. Select Demonstration: Request contract forms for the IBM Smart Business Development and Test Cloud to run the first demonstration

4. When completed, select Demonstration: Review a contract for the IBM Smart Business Development and Test Cloud to run the second demonstration

Figure 4-24. Demonstration instructions (optional) WS009 / VS0091.0
Notes: 
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Estimated time 


01:00 


What this unit is about 


This unit describes the security considerations in cloud computing. 


What you should be able to do 


After completing this unit, you should be able to:

• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing, including cloud security risks and cloud security breaches
• Identify security options available in cloud computing
• Formulate identity management techniques, including detection and forensics and encryption
• Identify the top security threats to cloud computing

How you will check your progress

• Checkpoint
Unit objectives

After completing this unit, you should be able to:
• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing, including cloud security risks and cloud security breaches
• Identify security options available in cloud computing
• Formulate identity management techniques, including detection and forensics and encryption
• Identify the top security threats to cloud computing

Figure 5-1. Unit objectives WS009 / VS0091.0
Notes: 
Topics

• Cloud security reference model
• Cloud security risks
• Principal security dangers to cloud computing
• Steps to reduce cloud security breaches
• Identity management
• Detection and forensics
• Encryption techniques

Figure 5-3. Cloud security reference model
• The cloud computing model may be considered as three subcomputing models: IaaS, PaaS, and SaaS

• The relationship and dependencies between these are important to fully grasp the security risks to cloud computing
— IaaS is the base of all cloud services
— PaaS is layered on top of IaaS
— SaaS is built upon PaaS

• Layered architectures inherit capabilities
— These capabilities include operations and functionality
— Unfortunately, they also inherit risks, including security risks

[Diagram labels: Facilities, Hardware, Abstraction, Platform as a service (PaaS), Software as a service (SaaS)]

Figure 5-4. Cloud reference model WS009 / VS0091.0


Notes: 


Just as a quick recap, IaaS includes the infrastructure stack from facilities to hardware, and
the interfaces required to manage them. PaaS, residing on top of IaaS, adds an additional
layer of integration and application development. This may include middleware, such as
MQ series, and databases. Developers are able to build applications using the PaaS stack.

SaaS resides upon PaaS and IaaS, providing a self-contained operating unit that delivers
the entire user experience, including all required software, such as presentation, content
management, and user interface, graphical or other.
How security gets integrated

• Cloud providers offer more services for customers at the top of the stack

• Therefore, for SaaS, security from the customer's perspective is contractual

• As customers move down the stack, such as an IaaS customer, they are responsible for building the security in their application and middleware layers (SaaS and PaaS functionality)

[Diagram labels: Presentation, APIs, Data, Metadata, Content, Integration and middleware, Core connectivity and delivery, Abstraction, Hardware, Facilities; Infrastructure as a service, Platform as a service (PaaS), Software as a service (SaaS)]

Figure 5-5. How security gets integrated WS009 / VS0091.0


Notes: 


The cloud reference model is decomposed into three distinct groups, SaaS at the top,
PaaS in the middle, and IaaS at the lowest level. The lower down the cloud reference
model the consumer moves, that is, going from SaaS down to IaaS, the more security the
consumer is responsible for providing and managing.


There are trade-offs in each grouped layer of the model. 


Generally speaking, SaaS provides the highest level of consumer functionality with the 
least amount of flexibility, requiring strong security already built-in. 


PaaS provides a layer in which developers work, providing them the freedom to create 
functionality. This increased flexibility removes additional security layering that was 
provided in SaaS. 


Finally, IaaS provides few application features but tremendous flexibility. This opens up the
application layer and middleware layer, requiring the cloud provider to focus the security
capabilities on the operating system and underlying infrastructure.
Cloud security risks
Figure 5-6. Cloud security risks WS009 / VS0091.0

Security is the top concern

• 80% of enterprises consider security the #1 inhibitor to cloud adoptions
• 48% of enterprises are concerned about the reliability of clouds
• 33% of respondents are concerned with cloud interfering with their ability to comply with regulations

“How can we be assured that our data will not be leaked and that the vendors have the technology and the governance to control their employees from stealing data?”

“Security is the biggest concern. I don’t worry much about the other ‘-ities’ — reliability, availability, and so forth.”

“I prefer internal cloud to IaaS. When the service is kept internally, I am more comfortable with the security that it offers...”

Source: Driving Profitable Growth Through Cloud Computing,
IBM study (conducted by Oliver Wyman)

Figure 5-7. Security is the top concern

Security is the top concern for the adoption of cloud services.
Understanding security risks

• IT security is a very complicated area of cloud computing for three reasons:
— Security is trusted to the cloud provider; therefore, if the provider has not done a good job, there may be problems
— Security is difficult to monitor, so problems may not be apparent until there is a problem
— Measuring the quality of the cloud provider's security approach may be difficult because many cloud providers do not expose their infrastructure to customers

• Approximately 70% of security breaches are caused by insiders (or people who get help from insiders)*
— The security approach must deal with internal and external threats

• Oftentimes with a cloud service agreement (contract), the agreement is crafted to protect the service provider, not the cloud customer
— Cloud customers must have a deep level of understanding of the contract

*Source: Cloud Computing for Dummies, p. 176,
Hurwitz, © 2010 by Wiley Publishing, Incorporated

Figure 5-8. Understanding security risks WS009 / VS0091.0


Notes: 


There are good reasons that security, as on the last slide, is of top concern. IT security in 
cloud computing adds at least one critical layer of complexity. You, the consumer, are 
trusting security to an external source. This trusted relationship may add the challenge of 
monitoring and validating the security of the cloud provider, especially if the provider does 
not wish to expose their internal infrastructure to customers. 


When an organization is relying on itself to meet service level agreements (SLA), there is a 
certain amount of control available to the customer. If there are problems within the 
organization’s IT infrastructure, a manager may be able to get an executive to apply 
internal pressure, getting the attention required to meet the SLA. However, when the IT
infrastructure, or layered services, are outside of an organization, the ability to apply
pressure to get the attention needed to fix the problem may rely on the details of
the cloud contract and an external resource. With a poorly constructed contract, a 
consumer loses leverage. 
Principal security dangers to cloud computing

• Virtualization and multitenancy
• Nonstandard and vulnerable APIs
• Internal security breaches
• Data corruption or loss
• User account and service hijacking

Figure 5-10. Principal security dangers to cloud computing WS009 / VS0091.0


Notes: 


The principal security dangers to cloud computing include dangers that currently exist in 
pre-cloud computing. Cloud computing heightens the risks in certain dangers, such as data 
corruption, while introducing some new risks, such as virtualization and multitenancy. 
Virtualization and multitenancy

• Cloud offerings take advantage of economies of scale, offering shared services within their infrastructure

• Virtualization and multitenancy architectures make this possible

• However, these technologies were not designed with strong isolation in place
— Hypervisors have extended these risks, potentially exposing the operating system
— Creating an environment where attackers can gain access at the operating system level (hypervisors) and higher level services (functionality and data)

• To reduce these risks, consider:
— Implement operating system security best practices, such as patch management
— Implement application systems security best practices, such as AAA (authentication, authorization, and auditing)

Figure 5-11. Virtualization and multitenancy WS009 / VS0091.0
Notes: 
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Details — Attacks have surfaced, targeting shared technologies in cloud computing, 
focusing on impact of operations and gaining unauthorized access to data. 
Nonstandard and vulnerable APIs

• Application programming interfaces (APIs) are the software interfaces that cloud providers offer, allowing customers access into their services

• Cloud APIs are not standardized, forcing users of multiple cloud providers to maintain multiple programming interfaces, increasing complexity and security risk

• Since an API offers access to the internals of a system, a weak API exposes consumers to a variety of security issues encompassing all of the operational exposure of the compromised API's functionality

• To reduce these risks, consider:
— Implement API security best practices, such as requiring AAA (authentication, authorization, and auditing)
— Review the cloud provider's security model being used for the API, including any API trusted chain

Details — Cloud providers offer APIs into their services. Third parties taking advantage of
the APIs may be required to relinquish their credentials. The API offers a doorway into the
services, increasing the complexity and security risk.
Internal security breaches

• The IT industry has well documented that over 70% of security violations are internal
— This threat is amplified in cloud computing as both IT providers and consumers are under a single management domain

• To reduce these risks, consider the following key components of the contractual agreement between the customer and cloud provider:
— Transparency in information and internal management practices
— Understand the human resources requirements
— Have a clear level of escalation and notification of a breach
— Ensure that contractually you are in the loop if an internal breach occurs with the cloud provider (with your data or another customer’s)

Figure 5-13. Internal security breaches WS009 / VS0091.0


Notes: 


If another customer is breached by the cloud provider, you do not have to know the details
of the information lost. However, you have a right to know the type of breach and what has
been done to stop this type of breach from being repeated. Another customer’s breach may
offer insight into a potential hole in the cloud services being offered to you.
Data corruption or loss

• Data corruption or loss is amplified since the cloud provider is the source for a company's data, not the company itself

• These operational characteristics of the cloud environment, at the PaaS and SaaS layers, amplify the threat of data loss or leakage

• To reduce these risks, consider:
— Implement application systems security best practices, such as AAA (authentication, authorization, and auditing)
— Implement strong encryption, SSL, digital signatures, and certificate practices
— Ensure that strong disaster recovery processes exist and are tested on a periodic basis
— Require that the persistent medium used to store your data is erased prior to releasing it back into the pool

Figure 5-14. Data corruption or loss WS009 / VS0091.0
User account and service hijacking

• User account and service hijacking occurs when an attacker obtains your cloud services information and uses it to take over your cloud access

• If attackers gain access to a cloud user’s credentials, they can eavesdrop on activities and transactions, manipulate or steal data, return falsified data, and redirect clients to illegitimate sites

• To reduce these risks, consider:
— Implement security best practices, including human processes, such as strong passwords, two-factor authentication, and prohibiting the sharing of users’ credentials
— Implement application systems security best practices, such as AAA (authentication, authorization, and auditing)
— Implement strong encryption, SSL, digital signatures, and certificate practices
— Ensure that auditing and logging is being used to monitor activities

Figure 5-15. User account and service hijacking WS009 / VS0091.0


Notes: 


Two-factor authentication means using any independent two of these authentication 
methods (for example, password + value from physical token) to increase the assurance 
that the bearer has been authorized to access secure systems. 
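
The note above gives "password + value from physical token" as its example of two factors. The following added example (not part of the course material) checks both factors on the server side, assuming the token produces RFC 6238 time-based one-time codes; the secret, salt, and password are constructed test values.

```python
import hashlib
import hmac
import struct

# Constructed demonstration values: the RFC 4226/6238 test secret and a made-up password.
TOKEN_SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
ROUNDS = 100_000
STEP = 30  # seconds per one-time code (assumption: RFC 6238 default)
STORED_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ROUNDS)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time code for one counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based code: the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // STEP, digits)


def check_password(password: str) -> bool:
    """First factor: something the user knows, compared in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ROUNDS)
    return hmac.compare_digest(candidate, STORED_HASH)


def matching_counter(code: str, unix_time: int, used: set, window: int = 1):
    """Second factor: return the time step the code belongs to, or None.

    One step of clock drift is tolerated either way; a step that has
    already been used is refused so a captured code cannot be replayed.
    """
    current = unix_time // STEP
    found = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(TOKEN_SECRET, counter).encode()
        if hmac.compare_digest(expected, code.encode()) and counter not in used:
            found = counter
    return found


def authenticate(password: str, code: str, unix_time: int, used: set) -> bool:
    """Grant access only when both independent factors check out."""
    password_ok = check_password(password)
    counter = matching_counter(code, unix_time, used)
    if password_ok and counter is not None:
        used.add(counter)  # burn the code only on a successful login
        return True
    return False
```

A stolen password alone fails the second check, and a code observed in transit fails once it has been used, which is the hijacking case the slide is concerned with.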
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Steps to reduce cloud 
security breaches 
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Figure 5-16. Steps to reduce cloud security breaches WS009 / VS0091.0 
Notes: 
Reducing cloud security breaches

• The following steps offer a guideline to reducing cloud security breaches:
— Implement security best practices including human processes
— Implement operating system security best practices, such as patch management
— Implement application and API systems security best practices
— Implement strong encryption, SSL, digital signatures and certificate practices
— Ensure that auditing and logging are being used to monitor activities
— Ensure that strong disaster recovery processes exist
— Transparency in information and internal management practice
— Understand the human resources requirements
— Have a clear level of escalation and notification of a breach, ensuring that you are in the loop if an internal breach occurs with the cloud provider (with your data or another customer’s)

• Some important products can significantly contribute to security
— Identity management
— Detection and forensics
— Data encryption

Figure 5-17. Reducing cloud security breaches WS009 / VS0091.0


Notes: 


The slide offers some tangible steps that can be taken to reduce cloud security breaches. As
with most security, a solid solution includes technical aspects, such as authorization and
authentication, and also process.


If the cloud provider is responsible for security, and that has been backed up with a strong 
contract, then the customer’s main technical focus is security from the user into the cloud. 
Identity management

• Identity management is a broad administrative area that deals with identifying individuals in a system and controlling access to the resources in that system by placing restrictions on the established identities of the individuals

• Identity management is particularly important in a cloud environment since the cloud is sharing and virtualizing physical resources across many internal (and often external) users
— Controlled access to different services is critical

• Identity management helps prevent security breaches and assists companies in meeting IT security compliance regulations
Benefits of identity management

• Improved user productivity — productivity improvement comes from simplifying the interface

• Improved customer and partner services — customers and partners benefit from a more streamlined, secure process when accessing application data

• Reduced help desk costs — help desks normally receive fewer “password reset” calls when an identity management process is implemented

• Reduced IT costs — identity management enables automatic provisioning (providing and revoking user rights)
Aspects of identity management

• Centrally locate the data — establishing a common database or directory is generally the first step to gaining control of identity data

• Integrating — identity management systems must effectively integrate with other systems

• Strengthen authentication — requiring stronger authentication measures, such as fingerprints, handprints, iris verification, identity tokens, and stronger password parameters

• Provisioning — when systems are linked to an identity system, provisioning can be automated, such as revoking or granting employee access rights

• Single sign-on — all systems communicate with the identity management system, allowing the user to sign on once in an organization

• Security administration — administration is reduced due to automation

• Analyzing data — centralized data can produce reports more easily

Figure 5-21. Aspects of identity management WS009 / VS0091.0
Notes: 

This section covers the various aspects of identity management as related to information 
technology. 
Detection and forensics

• Activity logs — log files provide information but are costly in space

• Host-based intrusion protection systems (HIPS) and network-based intrusion protection systems (NIPS)
— System and log-file monitors — software looks for traces of hackers in log files
— Network intrusion-detection systems (NIDS) — software programs that monitor data packets as they travel through the network
— Digital deception software — software that deliberately misleads anyone who is attempting to attack the IT network
— White-listing software — software that inventories valid executable programs running on a computer and prevents other executables from running
— Unified threat management — analyzing combined information for threats

• Fooling attackers by spoofing
— Spoofing — pretending to be something else, such as IP address, email accounts
— Honey pot — system that pretends to be something else (something of value) that tricks attackers into revealing details about where they are attacking from

• Data audit — logging who looks at the data (Sarbanes-Oxley, SOX)
Notes:

All access to cloud resources should be recorded, both for legitimate and illegitimate cloud
users, leaving evidence of the resource utilization. The goal of detection and forensics is to
capture a record of all situations. This allows organizations to maintain a record of what
happened, giving the organization the information it needs to close the gap while providing
a record of what actually happened.
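
A system and log-file monitor of the kind listed on the slide, as an added example that is not part of the course material. It flags a successful login that follows a burst of failures for the same account and source, then flags data reads made by that session (the data-audit case); the log format, field names, and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log: timestamp followed by key=value fields.
SAMPLE_LOG = """\
2010-06-01T09:00:00Z user=alice src=10.0.0.5 action=login result=ok
2010-06-01T09:01:00Z user=alice src=10.0.0.5 action=read object=payroll.db result=ok
2010-06-01T10:00:00Z user=bob src=198.51.100.7 action=login result=fail
2010-06-01T10:00:20Z user=bob src=198.51.100.7 action=login result=fail
2010-06-01T10:00:40Z user=bob src=198.51.100.7 action=login result=fail
2010-06-01T10:01:00Z user=bob src=198.51.100.7 action=login result=ok
2010-06-01T10:02:00Z user=bob src=198.51.100.7 action=read object=payroll.db result=ok
garbage line without fields
2010-06-01T11:00:00Z user=carol src=10.0.0.9 action=login result=fail
2010-06-01T11:30:00Z user=carol src=10.0.0.9 action=login result=ok
"""


def parse_line(line):
    """Return a dict of fields plus 'when', or None if the line is malformed."""
    parts = line.split()
    if not parts:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"user", "src", "action", "result"} <= fields.keys():
        return None
    fields["when"] = when
    return fields


def scan(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (alerts, malformed_count) for an iterable of log lines."""
    failures = defaultdict(deque)  # (user, src) -> recent failure times
    suspect = set()                # sessions opened right after a failure burst
    alerts = []
    malformed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1         # unparseable lines are counted, not dropped silently
            continue
        key = (rec["user"], rec["src"])
        if rec["action"] == "login":
            recent = failures[key]
            while recent and rec["when"] - recent[0] > window:
                recent.popleft()   # forget failures older than the window
            if rec["result"] == "fail":
                recent.append(rec["when"])
            elif rec["result"] == "ok":
                if len(recent) >= threshold:
                    suspect.add(key)
                    alerts.append(("login-after-failures", rec["user"], rec["src"]))
                else:
                    suspect.discard(key)
                recent.clear()
        elif rec["action"] == "read" and rec["result"] == "ok" and key in suspect:
            alerts.append(("data-read-by-suspect-session", rec["user"],
                           rec.get("object", "?")))
    return alerts, malformed
```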


5-54 Fundamentals of Cloud Computing © Copyright IBM Corp. 2010 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 


Instructor notes: 
Purpose — 

Details — 

Additional information — 


Transition statement — 




5.6. Encryption techniques 


Instructor topic introduction 
Encryption techniques

Figure 5-23. Encryption techniques WS009 / VS0091.0
Notes: 
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Purpose — Introduce the topic. 
Details — 

Additional information — 


Transition statement — 
Encrypting data

• Encryption is a critical component of cloud computing, used to ensure that data moves from point A to point B without being altered or intercepted

• The journey from point A to point B may include:
— Within the cloud environment (internal to the cloud)
— The Internet between a corporation (cloud user) and the cloud provider
— Between multiple clouds (external to the cloud)

• Encrypting methods
— Symmetric keys
— Asymmetric keys
— Digital signatures

• Secure Sockets Layer (SSL) addressing cloud client connection issues
— SSL overview
— SSL handshake

Figure 5-24. Encrypting data WS009 / VS0091.0
Notes: 
Symmetric key encryption

• Symmetric or secret key technology is a model in which two parties have a shared secret

• The same key is used for both encryption and decryption

[Diagram labels: Plain unencrypted (clear text), Encrypted (cipher text)]

Figure 5-25. Symmetric key encryption WS009 / VS0091.0


Notes: 


It is important that, once a key is established between the two parties, it is kept private. 
Symmetric encryption works relatively fast. 
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Purpose — 


Details — The problem with having a “shared secret” between two parties is that it requires 
an initial secure exchange to establish the key, and it is crucial to keep it private. If the key 
is discovered, it is not secure any more. However, symmetric keys work faster than 
asymmetric keys. 


Some common algorithms are:
• AES
• Blowfish
• DES
• Triple DES
• Serpent
• Twofish

Common attacks:
• Brute force
• Linear
• Differential (impossible, truncated)
• Integral
• Boomerang
• Mod n
• Related-key
• Slide
• Rotational
• Timing
• XSL

Additional information — 


Transition statement — 
Asymmetric key encryption

Public key cryptography

• Two keys that are cryptographically related:
— Public key (can share with everyone)
— Private key (must never be shared; possession is proof)

• Keys are asymmetric:
— Given message is encrypted with one key and decrypted with another
— Symmetric, secret key technology uses same key for encrypt and decrypt

[Diagram labels: unencrypted, Public key, encrypted, Private key, unencrypted]

Figure 5-26. Asymmetric key encryption WS009 / VS0091.0


Notes: 


Asymmetric algorithms use a pair of keys. One is used for encryption and the other one for 
decryption. The decryption key is kept private, so it is called a “private key” or “secret key”; 
while the encryption key is distributed, hence it is called a “public key”. Anyone who has the 
public key is able to send encrypted messages to the owner of the secret key. The secret 
key cannot be reconstructed from the public key. 


Asymmetric algorithms seem to be ideally suited for real-world use; the secret key does not 
have to be shared, so the risk of it being discovered is much smaller. Each user only needs 
to keep one secret key private and maintain a collection of public keys that can be shared 
as necessary. 


However, asymmetric algorithms are much slower than symmetric ones. Therefore, in 
many applications, a combination of both is being used. The asymmetric keys are used for 
authentication and after this has been successfully established, one or more symmetric 
keys are generated and exchanged using asymmetric encryption. 
Purpose —


Details — The idea of asymmetric algorithms was first published in 1976 by Diffie and
Hellman. Well-known asymmetric algorithms are RSA, DSA, and ELGAMAL.


The advantages of both algorithms can be leveraged. Typical examples of this procedure 
are the RSA-IDEA combination of PGP2 or the DSA-BLOWFISH used by GnuPG. 


Additional information — 


Transition statement — 
1. Cloud user creates his plain text document

2. The message digest is created using the hash function

3. The message digest is encrypted using the cloud user’s private key to create the signature

4. Using the cloud user’s public key, the cloud provider decrypts the signed hash to get the message digest

5. The cloud provider hashes the plain text to produce a message digest

If both message digests are equal, then the message has not been tampered with and only the cloud user could have signed it.

Figure 5-27. Digital signature WS009 / VS0091.0
Notes:
Notes: 


The cloud user creates a message, and it is encrypted into cipher text. The cipher text is 
then hashed to create the message digest. The message digest is then encrypted using the 
cloud user’s private key; this creates the digital signature. The message is then sent to the 
cloud provider. The cloud provider receives the message, and two processes are run 
against the message: 


1. The signed hash is decrypted using the cloud user’s public key; this creates a message 
digest (hash number). 


2. The message text is also hashed using the cryptographic hash algorithm; this produces
another message digest (hash number).


If these two hash numbers are equal, then the message has not been tampered with. 
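
The five steps on the Figure 5-27 slide (hash the plain text, sign the digest, recover and compare), carried through as an added example that is not part of the course material. It assumes SHA-256 and unpadded textbook RSA so that "encrypt the digest with the private key" is literally visible; the keys are constructed from well-known Mersenne primes and are trivially breakable, and production systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Build (public, private) textbook RSA keys from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)


# Constructed demonstration keys. Mersenne primes make the modulus easy to
# factor, so these keys show the mechanics only.
CLOUD_USER_PUBLIC, CLOUD_USER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**89 - 1, 2**521 - 1)


def message_digest(document: bytes) -> int:
    """Steps 2 and 5: hash the plain text and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Step 3: transform the digest with the signer's private key."""
    d, n = private_key
    return pow(message_digest(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Steps 4 and 5: recover the signed digest and compare with a fresh one."""
    e, n = public_key
    if not 0 <= signature < n:
        # Reject out-of-range values; signature + n would otherwise verify too.
        return False
    recovered = pow(signature, e, n)                # step 4
    return recovered == message_digest(document)    # step 5 and comparison


def receive(document: bytes, signature: int) -> str:
    """What the cloud provider concludes about an incoming signed message."""
    if verify(document, signature, CLOUD_USER_PUBLIC):
        return "accepted: unmodified and signed by the cloud user"
    return "rejected: altered in transit or not signed by the cloud user"


if __name__ == "__main__":
    order = b"provision 4 test instances"           # constructed message
    sig = sign(order, CLOUD_USER_PRIVATE)
    print(receive(order, sig))
    print(receive(b"provision 40 test instances", sig))
```

Changing a single byte of the document changes the digest computed in step 5, and a signature made with any other private key yields a different value in step 4, so both cases fail the comparison.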
What is SSL?

• SSL stands for Secure Sockets Layer

• Provides connection security through:
— Communication privacy — the data on the connection can be encrypted
— Communication integrity — the protocol includes a built-in integrity check
— Authentication — the client knows who the server is

• Creates a VPN

[Diagram labels: Client browser, Web server]

Figure 5-28. What is SSL? WS009 / VS0091.0


Notes: 


SSL (Secure Sockets Layer) is the standard security technology for establishing an 
encrypted link between a web server and a browser. This link ensures that all data passed 
between the web server and browsers remains private and integral. SSL is an industry 
standard and is used by millions of websites in the protection of their online transactions 
with their customers. 
Solving the security problems


• Solve the following security problems:
— Tampering
— Impersonation
— Eavesdropping
• Using the following processes:
— Symmetric and asymmetric keys
— Encryption techniques
— Digital signatures
— Digital certificates
• These processes are combined together in a protocol called the
Secure Sockets Layer

Figure 5-29. Solving the security problems WS009 / VS0091.0
Notes: 
SSL provides


• Message privacy
— Using asymmetric and symmetric key encryption
— Uses a handshake when initiating contact (the handshake establishes a session
key and encryption algorithm, between both parties, prior to any messages being
sent)
• Message integrity
— By using the combination of shared secret key and cryptographic hash functions
— This ensures that the content of any messages does not change
• Mutual authentication
— Server always authenticates to client
— Client optionally authenticates to server
— This happens during the handshake

Figure 5-30. SSL provides WS009 / VS0091.0
Notes: 
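
Message integrity as listed on the "SSL provides" slide, as an added example that is not part of the course material: each record carries a MAC computed from the shared session key, an implicit sequence number and the payload, so altered or replayed records fail the check. It is a simplified model (HMAC-SHA-256, no encryption, constructed key and payloads); the class and function names are this example's own, and the real SSL/TLS record format differs.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def record_mac(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number, payload length and payload."""
    header = struct.pack("!QI", seq, len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class RecordSender:
    def __init__(self, mac_key: bytes) -> None:
        self._key = mac_key
        self._seq = 0          # implicit counter, never sent on the wire

    def protect(self, payload: bytes) -> bytes:
        record = payload + record_mac(self._key, self._seq, payload)
        self._seq += 1
        return record


class RecordReceiver:
    def __init__(self, mac_key: bytes) -> None:
        self._key = mac_key
        self._seq = 0          # must advance in step with the sender

    def accept(self, record: bytes) -> bytes:
        if len(record) < MAC_LEN:
            raise ValueError("record shorter than its MAC")
        payload, mac = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = record_mac(self._key, self._seq, payload)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(mac, expected):
            # Real SSL/TLS treats this as fatal and closes the connection;
            # this model only reports it so the demo can continue.
            raise ValueError("bad record MAC")
        self._seq += 1
        return payload


def rejected(receiver: RecordReceiver, record: bytes) -> bool:
    try:
        receiver.accept(record)
    except ValueError:
        return True
    return False


def demo() -> dict:
    key = bytes(range(32))     # constructed; the handshake would establish it
    sender, receiver = RecordSender(key), RecordReceiver(key)
    first = sender.protect(b"GET /balance")
    second = sender.protect(b"POST /transfer amount=10")

    outcome = {}
    outcome["in_order_accepted"] = receiver.accept(first) == b"GET /balance"
    # Same bytes again: the receiver now expects sequence number 1, not 0.
    outcome["replay_rejected"] = rejected(receiver, first)
    # Payload altered in transit without knowledge of the key.
    tampered = second.replace(b"amount=10", b"amount=99")
    outcome["tamper_rejected"] = rejected(receiver, tampered)
    outcome["genuine_accepted"] = (
        receiver.accept(second) == b"POST /transfer amount=10"
    )
    # A party that never took part in the handshake holds a different key.
    outsider = RecordSender(bytes(32))
    outcome["wrong_key_rejected"] = rejected(
        RecordReceiver(key), outsider.protect(b"GET /balance")
    )
    return outcome


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} {ok}")
```
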
Unit summary


Having completed this unit, you should be able to:
• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing, including cloud
security risks and cloud security breaches
• Identify security options available in cloud computing
• Formulate identity management techniques, including detection and
forensics and encryption
• Identify the top security threats to cloud computing

Figure 5-31. Unit summary WS009 / VS0091.0
Notes: 
Purpose — Summarize the learning points in the unit.


Details — This can either be a repeat of the unit objectives or another form of summary of 
the learning points. 


Checkpoint


1. True or False: The lower down the Cloud Reference Model stack the
consumer moves, the more security the consumer is responsible for
providing and managing.


2. Which of the following terms is not an aspect of identity management?

   A. Centrally locate the data        E. Single sign-on
   B. Integrating                      F. Security administration
   C. Strengthen authentication        G. Analyzing data
   D. Provisioning                     H. Two-phased commit


3. Match the following:

   A doorway into cloud services                          Internal security breaches
   Internal security violations                           User account and service hijacking
   Leveraging shared technologies                         Data corruption or loss
   Loss or corruption of data                             Nonstandard and vulnerable APIs
   Attacker gains access to a cloud user's credentials    Virtualization and multitenancy

Figure 5-32. Checkpoint WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Purpose — Discuss checkpoint questions to verify understanding.
Checkpoint answers


1. True or False: The lower down the Cloud Reference Model stack the consumer
moves, the more security the consumer is responsible for providing and
managing.

2. Which of the following terms is not an aspect of identity management?

   A. Centrally locate the data        E. Single sign-on
   B. Integrating                      F. Security administration
   C. Strengthen authentication        G. Analyzing data
   D. Provisioning                     H. Two-phased commit is a database term


3. Match the following:

   A doorway into cloud services                          Nonstandard and vulnerable APIs
   Internal security violations                           Internal security breaches
   Leveraging shared technologies                         Virtualization and multitenancy
   Loss or corruption of data                             Data corruption or loss
   Attacker gains access to a cloud user's credentials    User account and service hijacking

Figure 5-33. Checkpoint answers WS009 / VS0091.0
Checkpoint (optional)

1. What is the name of systems that pretend to be something else
(something of value) that tricks attackers into revealing details on
where they are attacking from?

Figure 5-34. Checkpoint (optional) WS009 / VS0091.0


Notes: 
Write your answer here: 


1. 
Purpose — Discuss checkpoint question to verify understanding.
Checkpoint (optional) answer


1. What is the name of systems that pretend to be something else
(something of value) that tricks attackers into revealing details on
where they are attacking from?

Answer: Honey Pot is the name of systems that pretend to be
something else (something of value) that tricks attackers into
revealing details on where they are attacking from.

Figure 5-35. Checkpoint (optional) answer WS009 / VS0091.0
Notes: 
Unit 6. IBM cloud computing architecture and offerings


Estimated time

00:45


What this unit is about

This unit describes the cloud computing offerings and services that
IBM provides.


What you should be able to do

After completing this unit, you should be able to:

• Position various vendors in the service delivery model of cloud
computing
• Provide an example of an IBM cloud architectural configuration
• Describe the IBM cloud computing offerings and services
- Collaboration — LotusLive, BlueWorks
- Smart Business Desktop
- Smart Business Development and Test
- Smart Analytics Cloud
• Describe IBM tooling options for management and governance —
Tivoli
• Describe the IBM Smart Business Development and Test cloud —
Jazz for Rational
• Describe cloud computing using IBM WebSphere


How you will check your progress

• Checkpoint
• Demonstration
Unit objectives


After completing this unit, you should be able to:

• Position various vendors in the service delivery model of cloud
computing
• Provide an example of an IBM cloud architectural configuration
• Describe the IBM cloud computing offerings and services
— Collaboration — LotusLive, BlueWorks
— Smart Business Desktop
— Smart Business Development and Test
— Smart Analytics Cloud
• Describe IBM tooling options for management and governance —
Tivoli
• Describe the IBM Smart Business Development and Test cloud —
Jazz for Rational
• Describe cloud computing using IBM WebSphere

Figure 6-1. Unit objectives WS009 / VS0091.0
Notes: 
Purpose — List the unit objectives.
Topics


• Cloud services and vendor-positioning
• Cloud computing for a test environment
• IBM cloud architecture and TSAM
• Development and test on the IBM cloud

Figure 6-2. Topics WS009 / VS0091.0
Notes: 
Instructor notes:

Purpose — List the topics in this unit.
6.1. Cloud services and vendor positioning

Figure 6-3. Cloud services and vendor positioning WS009 / VS0091.0
Notes: 
Purpose — Introduce the topic.
IT services that can be standardized for cloud


• Web-based applications
• Collaboration tools
— Email and instant messaging
• Development and test environments
— Desktop and user
• High-performance computing
— File and image storage
— CPU-intensive research and development applications that may require high
availability and failover
— Payment processing and expense management

Figure 6-4. IT Services that can be standardized for cloud WS009 / VS0091.0
Notes: 
Cloud service layers and vendor positioning


Software as a service (SaaS): Applications
• Business processes
• CRM, ERP
• Collaboration
• Industry applications
• Analytics
Vendors: Salesforce.com, Oracle CRM on Demand, Taleo, Google, NetSuite, ADP


Platform as a service (PaaS): Platforms
• Middleware
• Database
• Web 2.0 runtime
• Development tooling
• Java runtime
• Messaging
• BPM
Vendors: Force.com, Microsoft, Google, Cisco


Infrastructure as a service (IaaS)
• Servers
• Networking
• Data center fabric
• Shared, virtualized, dynamic provisioning
Vendors: Amazon, Dell, Cisco

Figure 6-5. Cloud service layers and vendor positioning WS009 / VS0091.0


Notes: 


The functions and services offered by cloud computing start with the needs of the user. In 
the case of the IBM Smart Business Development and Test Cloud and most other 
commercial cloud offerings, the user makes a request for services and resources through a 
self-service portal. Cloud applications then search for resources to match the request using 
a portfolio of cloud services. Access is provided back to the consumer through the portal. 


Applications: Business process services are focused on providing existing business 
processes through a cloud. If there is an existing process with steps that are known, it can 
be provided as a service within the catalog. This allows the service provider to automate 
any steps within the process while leaving the changes transparent to the customer. 


Platforms: Software platform services allow consumers to select a specific software 
instance that they want created, without the need to be aware of where and how it will be 
hosted. Key components of software platform services include tools and services for 
developers, dynamic software usage and accounting, and optimized middleware: 
application servers, database servers, and portal servers. 
Infrastructure: Infrastructure services allow for the provisioning of standardized compute
resources. They allow a consumer to request and receive a new computer instance without 
needing to focus on IT concerns such as network placement and hardware availability. 
[Figure: IBM cloud services. Recoverable labels: Existing services and third-party services;
Integrated service management; Shared middleware services; Business planning and life cycle]

Figure 6-6. IBM cloud services WS009 / VS0091.0


Notes: 


IBM provides technologies to plan, build, deliver, and manage cloud services. In addition, 
IBM provides enabling services: experience and expertise to help clients plan, build, and 
deliver cloud services. 


Here is a list of IBM cloud-based offerings. Each one is described briefly on the following 
slides: 


• Analytics services:
- IBM Cognos 8 Business Intelligence
- IBM Smart Analytics Cloud for System z
• Shared middleware services:
- IBM WebSphere Application Server Hypervisor Edition
- IBM WebSphere Cloudburst Appliance
• Infrastructure services:
- IBM Information Archive
- IBM Smart Business Storage Cloud
- IBM Smart Business Desktop
- IBM CloudBurst
- IBM Smart Business for SMB
- IBM Smart Business Development and Test Cloud
- IBM Smart Business Development and Test on the IBM Cloud
• Service management:
- IBM Service Delivery Manager
- Rational Quality Manager
• Security:
- IBM Rational AppScan family of products
- IBM Security Server Protection
- IBM Security Network Intrusion Prevention System
- IBM Managed Security Services
• Business planning and life cycle management:
- IBM Rational System Architect
- IBM Rational Requirements Composer
- IBM Rational Software Delivery Services, Rational Asset Manager
Analytics services


• IBM Cognos 8 Business Intelligence
— SOA-based; draws on data from all enterprise sources
— Allows you to use reports, analysis, dashboards, and scorecards to monitor
business performance, analyze trends, and measure results
• IBM Smart Analytics Cloud for System z
— Provides business intelligence services powered by a cloud deployment

[Screenshot: Cognos reporting software]

Figure 6-7. Analytics services WS009 / VS0091.0


Notes: 


IBM Cognos 8 Business Intelligence delivers the complete range of BI capabilities: 
reporting, analysis, dashboarding and scorecards on a single, service-oriented architecture 
(SOA). Author, share and use reports that draw on data across all enterprise sources for 
better business decisions. 


For more information, see:
http://www.ibm.com/software/data/cognos/products/cognos-8-business-intelligence/


IBM Smart Analytics Cloud focuses on transforming traditional business intelligence and 
analytic environments into a self service knowledge dissemination solution for the 
enterprise. The Smart Analytics Cloud creates a standard private cloud business 
intelligence solution at the customer site built on mainframe capability. This solution is 
designed to provide customers with business intelligence services that are powered by a 
cloud deployment for greater efficiency with less cost and resources to reach a broader 
audience. 


See: http://www.ibm.com/systems/z/solutions/cloud/smart.html
LotusLive


• Provides cloud-based collaboration solutions and social networking
services for business
— Email
— Online meetings
— Social networking
— Instant messaging
— File sharing, and so on

http://www.lotuslive.com/

Figure 6-8. Lotus Live WS009 / VS0091.0


Notes: 


LotusLive is a collection of integrated, online collaboration solutions and social networking 
services for your business. 


You can meet online, share files, chat, manage projects, and network with potential clients,
anywhere, anytime. Whether you work remotely, manage remote teams, or just need one
simple place to bring colleagues together, LotusLive delivers collaboration solutions, all in a
securely designed environment.


LotusLive provides the following types of solutions:
• Reliable email options in a secure hosted environment
• Online meetings with anyone, anywhere, anytime
• Tools for business social networking
• Online services to bring your team together online
• Smart solutions for online collaboration, such as file sharing


See http://www.lotuslive.com/ for more information.
Other collaboration tools


• BPM BlueWorks:
— Allows you to create a space to collaborate with your team and map your
business vision
— Create a free account and invite others to your design space, or register with an
existing one
• BPM Blueprint
— A cloud-based process discovery and documentation platform accessible from
any browser
— Allows users to outline, document, diagram, analyze, and share process details

[Screenshot: BPM BlueWorks home page at https://apps.lotuslive.com/bpmblueworks/]

Figure 6-9. Other collaboration tools WS009 / VS0091.0


Notes: 
BPM BlueWorks:
• Allows you to create a space to collaborate with your team and map your business
vision
• Create a free account and invite others to your design space, or register with an existing
one
• Provides industry content submitted by other members of the BPM BlueWorks
community
• Allows you to share your business design content with the BPM BlueWorks community
• Provides best practices, exchange tips
• Allows you to connect with other BPM practitioners through the BPM BlueWorks blog
and community forum


BPM Blueprint:
• A cloud-based process discovery and documentation platform accessible from any
browser
• Allows users to outline, document, diagram, analyze, and share process details

For more information, see:
• https://apps.lotuslive.com/bpmblueworks/
• http://www.ibm.com/software/integration/bpm-blueprint/
Shared middleware services


• IBM WebSphere Application Server Hypervisor Edition
— Provides an innovative, performance based foundation to build, reuse, run,
integrate and manage SOA applications and services within virtualized
environments
• IBM WebSphere Cloudburst Appliance
— A hardware appliance that provides access to software virtual images and
patterns that can be used as is or easily customized, and then securely
deployed, managed, and maintained in a private cloud
— Works seamlessly with IBM WebSphere Application Server Hypervisor Edition

[Image: IBM WebSphere Cloudburst Appliance]

Figure 6-10. Shared middleware services WS009 / VS0091.0


Notes: 

For more information see:
• http://www.ibm.com/software/webservers/appserv/hypervisor/
• http://www.ibm.com/software/tivoli/products/cloudburst/


These products will be described in the next unit. 
Security


• IBM Rational AppScan family of products:
— Automates web application security testing by scanning applications, identifying
vulnerabilities, and generating reports with intelligent fix recommendations to ease
remediation
— Multiple editions available
• IBM Security Server Protection
— Offers multilayered protection against known and unknown threats and supports a
broad range of operating systems
— Protects servers from attack and manages compliance with monitoring, recording,
auditing
• IBM Security Network Intrusion Prevention System (formerly IBM Proventia
Network Intrusion Prevention System):
— Network security platform that delivers IBM Virtual Patch technology, client-side
application protection, advanced IPS, data security, and protection for web applications
• IBM Managed Security Services, cloud security services
— Provides expertise, tools, and infrastructure needed to
secure information assets from Internet attacks 24-7-365
— Express managed email and web security
— Security event and log management service
— Vulnerability management service

Figure 6-11. Security WS009 / VS0091.0


Notes: 


The IBM Rational AppScan family of products includes:

• AppScan Build Edition: embeds web application security testing into the build
management workflow.
• AppScan Enterprise Edition: provides web application vulnerability testing and
reporting solution used to scale security testing.
• AppScan Express Edition: provides affordable web application security for smaller
organizations.
• AppScan OnDemand: identifies and prioritizes web application security vulnerabilities
via the SaaS model.
• AppScan OnDemand Production Site Monitoring: monitors production web content
and sites for security vulnerabilities via the SaaS model.
• AppScan Reporting Console: provides centralized reporting on web application
vulnerability data.
• AppScan Source Edition: prevents data breaches by locating security flaws in the
source code.
• AppScan Standard Edition: automates web application security testing for IT security,
auditors, and penetration testers.
• AppScan Tester Edition: integrates web application security testing into the QA
environment.


• IBM Security Server Protection (formerly IBM Proventia Server Protection) offers
multilayered protection against known and unknown threats and supports a broad
range of operating systems. It helps provide host protection against data breaches and
offers tracking and reporting to ease meeting regulatory compliance.


• IBM Security Network Intrusion Prevention System (formerly IBM Proventia
Network Intrusion Prevention System) is a network security platform that delivers IBM
Virtual Patch technology, client side application protection, advanced IPS, data security,
and protection for web applications. It includes:

- IBM Web Application Security: protects web applications with IBM Proventia Web
Security for the same security of a stand-alone web application firewall

- IBM Security Content Analysis technology: safeguards critical data
IBM Smart Business Development and Test Cloud


• Implementation of a private cloud for a test and development
environment
• Includes:
— Self-service catalog portal to request resources
— Cloud management platform with service request management, automated
provisioning, and change and configuration management
— Enhanced Web 2.0-based GUI
— Image management
— Usage metering and accounting with ITUAM
— Preconfigured software images for Rational Team Concert, Rational Asset
Manager, Rational Quality Manager, BuildForge
• Supports VMware, KVM, and PowerVM environments

Figure 6-12. IBM Smart Business Development and Test Cloud WS009 / VS0091.0


Notes: 


Provides design and implementation of a private cloud for a test and development 
environment, which includes: 


• Self-service catalog portal to request resources
• Cloud management platform with service request management, automated
provisioning, and change and configuration management
• Enhanced Web 2.0-based GUI
• Image management
• Usage metering and accounting with ITUAM
• Preconfigured software images for Rational Team Concert, Rational Asset Manager,
Rational Quality Manager, BuildForge
• Supports VMware, KVM, and PowerVM environments.
6.2. Cloud computing for a test environment

Figure 6-13. Cloud computing for a test environment WS009 / VS0091.0
Notes: 
Using cloud computing for a test environment


• The characteristics of cloud computing are a natural fit for enhancing your
test environment.

[Figure: example cloud deployment and management process. Recoverable labels: Service
offering manager, Service designer, Service catalog, Customer, Application developer,
Production]

Figure 6-14. Using cloud computing for a test environment WS009 / VS0091.0


Notes: 


This diagram illustrates an example cloud deployment and management process. When 
done manually, these steps can take a significant amount of time. A cloud environment 
dramatically reduces this complexity by implementing automation, business workflows, and 
resource abstraction that allows a user to browse a catalog of IT services and submit the 
order. 


1. A service designer may define service offerings. In a cloud environment, predefined
templates can be used.

2. Services are released to users in the form of a service catalog. In a cloud environment,
this service catalog may be available through a user portal.

3. A resource request is initiated by a customer. The request may need to be approved by
a service offering manager. In a cloud environment, this step can be automated or
implemented by a workflow.

4. The test resources are reserved or allocated for the customer and provisioned. This
process can be automated by using a service automation manager, such as TSAM
(described later).

5. An application image is created. This process can also be managed by a service
automation manager.

6. The developer works with the image. The developer may make changes to the image,
run tests, and so on.

7. The image is promoted to production.

8. Resources are deprovisioned. The administrator returns resources to the pool when
they are no longer needed. This process can also be automated by using a service
automation manager.

9. The developer may initiate the cycle again. A cloud environment leverages reusable
resources.
6.3. IBM cloud architecture and TSAM

Figure 6-15. IBM cloud architecture and TSAM WS009 / VS0091.0
Notes: 
Cloud systems view (1 of 2)


• A cloud is made up of the managing and the managed
environments
• The managing environment supports the management of cloud
services throughout their life cycle
• The managed environment is managed by the service management
infrastructure; it includes the physical hardware layer and the virtual
layer
• The combination of the managing layer and the managed layer
ensures that resources in a data center are efficiently managed and
can be provisioned, deployed, and configured rapidly

Figure 6-16. Cloud systems view (1 of 2) WS009 / VS0091.0
Notes: 
Cloud systems view (2 of 2)

Figure 6-17. Cloud systems view (2 of 2) WS009 / VS0091.0
Notes: 


Service portals: The service portals provide an easy-to-access, secure method for private 
test cloud service consumers and service providers to configure and request services from 
the cloud. 


Cloud service products: The service products layer includes the private test cloud service 
offerings. 


Cloud managing environment: The managing environment supports the management of 
cloud services throughout their life cycle. The private test cloud management layer acts like 
the brain or control center to efficiently manage the resources in the entire cloud 
environment. The combination of the managing layer and the managed layer ensures that 
resources in a data center are efficiently managed and can be provisioned, deployed, and 
configured rapidly. This environment allows the provisioning process to be shortened by up 
to four weeks. 


Tivoli Change and Configuration Management Database (CCMDB): The Change and 
Configuration Management Database is the store of information related to the components 
of the information management system. The CCMDB contains the data required to support
service automation management, typically including the following elements:

• Service templates
• Topologies
• Management plans
• Reservations
• Assets and configuration items


Software library: The software library is a repository that stores authorized versions of 
software packages and images. 


Cloud managed environment: The managed environment is managed by the service 
management infrastructure. The managed environment includes the physical hardware 
layer and the virtual layer. This provides a flexible, adaptive platform to improve resource 
utilization. Virtualization allows a set of underutilized physical servers to be consolidated 
into a smaller number of more fully utilized physical servers. The virtual layer provides the 
abstraction of logical resources away from their underlying physical resources. 
Virtualization technology is not limited to servers; it can also be applied to storage, 
networking, and applications. 
IBM Tivoli Service Automation Manager (TSAM)


• Supports a comprehensive deployment and management process for cloud
environments

[Figure: TSAM deployment and management process. Recoverable stage labels: Service
definition and integration; Service offering; Service instantiation and automation;
Service operations; Service termination]

• Users can request, deploy, monitor, and manage cloud service environments
• Templates define service offerings, such as virtualized operating systems and
application middleware stacks, integrated with workflow processes and
standardized configurations, and make them available to business operations staff
members
— Enables IT to respond quickly to demands for computing resources and application
middleware deployments
— Facilitates standardization and automation for deployment and management of cloud
services
• Provides traceable processes and approval routings to serve as audit trails, and
integrates with process governance
• Can be integrated with other service management capabilities such as:
— Configuration and change management
— In-depth monitoring
— Release management
— Financial management
— Service desk functionality

Figure 6-18. IBM Tivoli Service Automation Manager (TSAM) WS009 / VS0091.0
Notes: 


IBM Tivoli Service Automation Manager (TSAM) supports a comprehensive deployment 
and management process for cloud environments. The diagram provides a high-level view 
of this process. 


Some attributes of IBM Tivoli Service Automation Manager are as follows: 


• Users can request, deploy, monitor, and manage cloud service environments
• Templates define service offerings, such as virtualized operating systems and
  application middleware stacks, integrated with workflow processes and standardized
  configurations, and make them available to business operations staff members
• Enables IT to respond quickly to demands for computing resources and application
  middleware deployments
• Facilitates standardization and automation for deployment and management of cloud
  services
• Provides traceable processes and approval routings to serve as audit trails, and
  integrates with process governance
• Can be integrated with other service management capabilities, such as: configuration
  management, change management, in-depth monitoring, release management,
  financial management and service desk functionality


In addition, Tivoli Service Automation Manager integrates with the IBM WebSphere 
CloudBurst Appliance to speed the delivery of WebSphere-based cloud services by 
providing the ability to create projects and add servers based on WebSphere patterns. 
Tivoli Service Automation Manager is also included with IBM CloudBurst to help provide an 
easy-to-deploy private cloud package and provide consistent administration across your 
cloud environment. 
Figure 6-19. Service request flow with TSAM WS009 / VS0091.0


Notes: 


The service automation manager, such as TSAM, is an integral component of the operation 
supporting system (OSS) layer. This diagram illustrates how a request is handled through 
the request life cycle by a service automation manager. 


1. User requests or reserves a resource. 


2. TSAM allocates it from the resource pool. 

3. TSAM retrieves and configures a VM image from the image library. 

4. TSAM provisions the image. 

5. TSAM retrieves application and middleware configurations from the asset library. 

6. TSAM configures and deploys the software onto the image. 
TSAM overview screen of key metrics and tasks for the cloud administrator

Figure 6-20. TSAM overview screen of key metrics and tasks for the cloud administrator WS009 / VS0091.0


Notes: 


Tivoli Service Automation Manager provides robust functionality for selecting and 
provisioning standard software packages on virtual servers. A simple, easy-to-use set of
applications enables data center personnel to achieve rapid time-to-value for virtual-server
provisioning from these platforms. The off-the-shelf configuration that is provided for these 
applications supports fully automated provisioning with a standardized set of deployment 
activities. 


The self-service environment is supported by the self-service user interface. The 
Self-Service Virtual Server Management functionality addresses a long-standing need by 
data centers to efficiently manage the self-service deployment of virtual servers and 
associated software. Using a set of simple, point-and-click tools, a user can select a 
software stack and have the software automatically installed or uninstalled in a virtual host 
that is automatically provisioned. 


The screen shown here shows some of the features available for Self-Service Virtual 
Server Management. From the Self-Service Virtual Server Management interface, you can 
perform the following types of tasks: 
• Log in to the self-service user interface, which provides direct access to the offerings.
• Work with a set of built-in approval workflows and notifications that are invoked after
  self-service provisioning requests are created.
• Create a virtual server project with one or more virtual servers. Each server receives an
  automatically assigned host name.
• Create a new project and use the saved server images to provision a server in that
  project. This functionality is only available for VMware, System p LPAR, and KVM.
• Cancel a virtual server project. When you cancel a project, all of the servers that have
  been provisioned within that project are deprovisioned. The host names that were
  automatically assigned to these servers are freed up for use by other virtual servers that
  are created in the data center. Any image saved for a server that participated in the
  project is deleted.
• Add new servers to a project or modify the reservation date.
• Modify the state of a server, its resources, or reset the password for a server.
• Create and remove snapshot-like server images, and restore the servers using these
  images. This functionality is not implemented for the Xen and z/VM hypervisors.
• Manage the Tivoli Provisioning Manager Image Library — this is the source for software
  images to be used in provisioning the virtual servers. Once the image templates
  discovery has been performed in Tivoli Provisioning Manager by the system
  administrator, the images need to be registered in the Image Library, so that they can
  be used for provisioning. Use these tasks to learn how to register or unregister server
  images.
• Manage users and groups of users.
• View general details about a project and its servers.
• View the list of all servers and manage them.
• View the full list of requests and their statuses.
• View the details of a request and work with communication logs.
• View the details of the requests awaiting approval and approve or reject them.


These tools integrate with IBM Tivoli Service Request Manager to provide a self-service 
portal for reserving, provisioning, recycling, and modifying virtual servers, and working with 
server images, in the following platform environments in a virtualized non-production lab 
(VNPL): 


• VMware on System x (also used in the IBM CloudBurst and WebSphere CloudBurst
  Appliance products)
• Xen on System x
• KVM on System x
• LPARs on System p
• z/VM guests on System z
• WebSphere CloudBurst Appliance


Capabilities support baseline reporting, management, and control. 
A spectrum of deployment options

Figure 6-21. A spectrum of deployment options WS009 / VS0091.0


Notes: 


These deployment options determine who owns and manages the cloud. The IBM Smart 
Business Development and Test on the IBM cloud model is an example of a public cloud, 
where customers can use IBM-owned and operated resources on a pay-as-you-go plan. 
6.4. Development and test on the IBM cloud

Figure 6-22. Development and Test on the IBM cloud


Notes: 
IBM Smart Business Development and Test on the IBM cloud

• A dynamic virtual development and test infrastructure service,
  designed for the enterprise, on the IBM cloud
• Provides users with
  - Choice of virtual configurations
  - Option to add persistent storage
  - Preconfigured software images
• Pay as you go (hourly rates per VM instance)
• Available support:
  - User forum
  - Premium support
• http://www.ibm.com/services/us/igs/cloud-development/
• An instance can be deployed and provisioned quickly in just three
  steps

Figure 6-23. IBM Smart Business Development and Test on the IBM cloud WS009 / VS0091.0


Notes: 


The IBM cloud is a dynamic virtual development and test infrastructure environment, 
designed for the enterprise. It provides users with a choice of virtual configurations, the 
option to add persistent storage, and preconfigured software images. You pay as you go 
(hourly rates per VM instance). Free and paid support is available. Access via: 


http://www.ibm.com/services/us/igs/cloud-development/


An instance can be deployed and provisioned quickly in just three steps, described on the 
next few slides. 
[Screen capture: IBM Smart Business Development and Test on the IBM Cloud portal page,
with the sign-in dialog open. The dialog has User ID and Password fields and Register and
Forgot password? links.]

Figure 6-24. IBM Smart Business Development and Test Cloud portal: Sign in WS009 / VS0091.0


Notes: 


After requesting a contract, you receive information on how to log in to the Development &
Test portal. The URL for the login page is: http://www.ibm.com/cloud/enterprise/
[Screen capture: Add user form on the Account > Administration page. Required fields are
indicated with an asterisk (*). The form includes Max VMs to Provision, Max Number of
Public IP Addresses, Max Number of Private IP Addresses, Max Number of Storage Blocks,
and Reason for administrator action fields, and a Submit button.]

Figure 6-25. Account administration: adding a user WS009 / VS0091.0


Notes:


You can add users to the account on the Account > Administration page. Select Add a
user from the Global actions menu and click the right-arrow button. Complete the form
and click Submit.
Creating an instance (1 of 7)

[Screen capture: Control Panel > Instances page of the IBM Smart Business Development &
Test portal, with Instances, Images, and Storage tabs and an Add an instance button. No
instances have been created yet. The page outlines three steps: Step 1, click the Add
Instances button and select an image; Step 2, view image details and customize to your
needs; Step 3, watch your instances provision and start managing.]

Figure 6-26. Creating an instance (1 of 7) WS009 / VS0091.0


Notes: 


You can create an instance on the Control Panel > Instances page. Click Add an 
instance to get started. 


After you have created some instances, they are listed here. 
[Screen capture: Add instance, Step 1 of 4: select image. The page has a Select Data Center
drop-down menu (RTP selected), a Public | My Images view switch, and a catalog of images.
The visible entries are IBM Lotus Forms Turbo 3.5.1 for Red Hat Enterprise Linux 5.4
(32-bit) and IBM Lotus Web Content Management 6.1.5 for SUSE Linux Enterprise Server
11.0 (32-bit), each offered with bring your own license (BYOL) and pay as you go (PAYG)
options.]

Figure 6-27. Creating an instance (2 of 7) WS009 / VS0091.0


Notes: 


A catalog of images displays. You can select the Data Center from the drop-down menu, 
then choose an image, and click Next. 
Creating an instance (3 of 7)

[Screen capture: Add instance, Step 2 of 4: configure image. The selected image is IBM
WebSphere Application Server V7.0 - PAYG (IBM WebSphere Application Server Base 7.0.0.9
with feature packs, for SUSE Linux Enterprise Server 11.0 (32-bit) with pay as you go use
option). Required fields are indicated with an asterisk (*). The form fields are Request
Name, Quantity (1), Server Size (Bronze 32 bit), Expires on, Key (myKey, with an Add Key
link), VLAN (Public Internet), Select IP (system generated), Mount Storage, Image ID
(20004750), and Price ($0.727 / UHR).]

Figure 6-28. Creating an instance (3 of 7) WS009 / VS0091.0


Notes: 


Depending on which image you chose in the previous step, the options on the next few 
screens may vary. In this example, the user chose an image with WebSphere Application 
Server Base 7.0.0.9. The form on the right asks you to specify a WebSphere administrator 
user ID and password, and you can choose from a list of feature packs to include. 


Note that in this example, the user specified a security key (highlighted in the screen
capture). If you have already generated a security key for your instance, you can select it
from the drop-down menu. Otherwise, click the Add key link to go to the page where you
generate a new key pair. These steps are shown later in this unit.
Creating an instance (4 of 7)

[Screen capture: Add instance, Step 2b of 4: configuration additional parameters. Required
fields are indicated with an asterisk (*). The form fields and their on-screen help text
are listed below.]

• WebSphere administrator ID (required): Specify a user ID for executing and administering
  WebSphere processes on the instance. To ensure security, do not specify 'root' or
  'idcuser' as administrator ID.
• WebSphere administrator password (required) and Re-enter Password: Specify a password
  for WebSphere administrator ID. Password must contain at least 1 number, at least 1
  lower case letter, and at least 1 upper case letter.
• Select a configuration profile: Development profile, or Default single server profile.
  Choose development profile if you are developing an application using tools such as IBM
  Rational Application Developer. Choose default single server profile for running the
  application in a production-like setting.
• Select feature packs to enable: CEA feature pack, SCA feature pack, SCA feature pack
  with SDO, XML feature pack, All of the above, or None. Specify feature packs to enable
  in the profile.

Figure 6-29. Creating an instance (4 of 7) WS009 / VS0091.0


Notes:
Creating an instance (5 of 7)

[Screen capture: Add instance, Step 3 of 4: verify configuration. The values shown are
listed below.]

Image Name: IBM WebSphere Application Server V7.0 - PAYG
Image Description: IBM WebSphere Application Server Base 7.0.0.9 with feature packs XML
v1.0.0.3, Web 2.0 v1.0.0.2, SCA v1.0.1.1, CEA v1.0.0.3 for SUSE Linux
Enterprise Server 11.0 (32-bit) with pay as you go use option
Data center: RTP
Request Name: SuseWAS7Payg1
Quantity: 1
Server Size: Bronze 32 bit
Expires on: 10/17/12
Key: myKey
Select IP: system generated
Mount Storage: none
VLAN: Public internet
Price: $0.727 / UHR
WebSphere administrator ID: wasadmin
WebSphere administrator password:
Select a configuration

Figure 6-30. Creating an instance (5 of 7) WS009 / VS0091.0


Notes:


After choosing options for the image, you are prompted to verify the configuration details, 
and then you must agree to the service agreement. Upon activation of the instance, usage 
metering begins and your account is charged accordingly. 
Creating an instance (6 of 7)


Add instance 


Step 4 of 4: service agreement 


Your access to and use of the Services, including all selected options, are governed by the terms of the 
Agreement that was signed between your Enterprise and IBM for these Services. These Services are also 
governed by one or more Attachments (including Service Description and Image Terms Attachments), which have 
additional terms. Attachments are part of the Agreement between you and IBM and include any announced 
updates to Attachments for these Services you are ordering after the Agreement was initially signed. The 
Agreement and Attachments also reference applicable IBM and third party end user license agreements that 
govern the use of IBM or third party software and operating system software provided as part of an Image. 


You are responsible for complying with the terms of the Agreement (including applicable Attachments and 
applicable license agreements. You may review the terms for the Service by 1) obtaining information regarding 
the Agreement and Attachments from your Account Administrator and 2) accessing the Asset Catalog to review 
specific Image Terms for end user license agreements for IBM and third party software provided as part of an 
Image. 


( ) I agree   ( ) I do not agree

Figure 6-31. Creating an instance (6 of 7) WS009 / VS0091.0

Notes:
Creating an instance (7 of 7)

[Screen capture: instance details in the Control Panel, with Change name, Generate key
pair, and Instructions links. The values shown are listed below.]

Name: SuseWAS7Payg1
Expires: 10/17/12 (730 Days)
OS: SUSE Linux Enterprise Server v11
IP:
Size: BRZ32.1/2048/175
Hostname:
Image: IBM WebSphere Application Server V7.0 - PAYG
Storage: Not available
Created on: 10/18/10
Running for: 0 Hour
Status: Requesting
Originator: Not available
Price: $0.727 / UHR

Figure 6-32. Creating an instance (7 of 7) WS009 / VS0091.0


Notes: 


This screen indicates that the instance is being provisioned. This can take several minutes. 
The status changes when the provisioning is complete. 
Generating security keys (1 of 2)

[Screen capture: Generate new key dialog. The dialog explains that you are about to
generate a new key pair, a public key and a private key, and that the private key file is
provided for download when you click Generate Key and must be saved. The public key can be
retrieved from the table on the Account tab. The dialog has a Name field and a Generate
Key button. A browser prompt asks where to save the downloaded private key file.]

Figure 6-33. Generating security keys (1 of 2) WS009 / VS0091.0


Notes:


Click the Add key link, during instance creation, to generate a new key pair. You are 
prompted to save the file. Be sure to protect this file. 
Generating security keys (2 of 2)

[Screen capture: Account > Profile page, showing the account details, a Change password
link, and the Security Key Pairs table with Change default key, Add key, and Generate new
key actions. Help links include an SSH Demo Video and the Users Guide.]

Figure 6-34. Generating security keys (2 of 2) WS009 / VS0091.0


Notes: 


From the Account > Profile page, you can view and manage your keys. 
[Table: instance compute resources for 32-bit and 64-bit VM configurations (including
Copper and Bronze), with rows for virtual CPUs @ 1.25 GHz, virtual memory (GB), and
virtual local storage (GB)]

Figure 6-35. Instance compute resources WS009 / VS0091.0


Notes: 


Customers can select any of these instance compute resource configurations for either 
32-bit or 64-bit virtual machines. Some instance resource configurations may not be 
available for certain images. 


IBM tracks and meters the per hour usage for instances provisioned. The per hour 
metering for each instance begins when the instance is available for use and ends when 
the instance is deleted. 


Each instance is provisioned and loaded with an image selected from the image asset 
catalog or web portal. 
Image use options (1 of 2)

• Pay as you go (PAYG)
  - Per hour usage metering for PAYG images
• Bring your own license entitlement (BYOL)
  - A BYOL image is only available if the customer has properly acquired (for
    example, Passport Advantage) authorizations to use an IBM software product
• Pre-release
  - Available for images designated as pre-release in the image asset catalog
• Developer use only (DUO)
  - DUO images are not part of the standard image enablement, and customers
    must complete and submit an enablement form for DUO to enable DUO
    images
• Third-party images
• Customer-provided software

Figure 6-36. Image use options (1 of 2) WS009 / VS0091.0
Notes: 
Image use options (2 of 2)

• Persistent storage
  - You can order blocks of persistent storage to store content and use with
    an instance
  - IBM tracks and meters the number and size of storage packages
    provisioned and used, and the number of input and output access requests
• Internet data transfer
  - IBM provides for inbound and outbound data transfers between the IBM cloud
    and Internet
  - IBM tracks and meters the amount of data transfers, rounded up to the next
    whole GB
• Reserved IP addresses
  - You can order reserved public IP addresses on the publicly accessible shared
    virtual local area network (VLAN) in the IBM cloud
  - IBM tracks and meters per hour the number of reserved IP addresses used

[Table: storage package sizes, including Medium (512) and Large (2048)]

Figure 6-37. Image use options (2 of 2) WS009 / VS0091.0
Notes: 
Premium services options

• Reserved capacity package
  - Reserves instance compute resource capacity for a customer's exclusive use
• Virtual private network (VPN)
  - You can order a private VLAN connection to the IBM Cloud Center
• Premium support
  - Extends the base services support provided through the forum
  - Provides foundational support services and optional Linux support services

[Table: instance compute resource for each reserved capacity unit, with rows for virtual
CPUs @ 1.25 GHz, virtual memory (GB), and virtual storage (GB)]

Figure 6-38. Premium services options WS009 / VS0091.0


Notes:
Other IBM cloud services

• Creating private images
  - You can create a snapshot image of an instance, and then save the snapshot
    as a custom image (private image)
• Security
  - IBM provides security for the IBM Cloud Center infrastructure only
  - Customer is responsible for securing instances once provisioned
• Online cloud services forum
  - Provides information posted by IBM and customers regarding services and
    support
  - IBM monitors the forum during business hours, US Eastern time
• Service level agreement
  - Customers may be eligible for a services credit in the event there is a
    degradation of services

Figure 6-39. Other IBM cloud services WS009 / VS0091.0
Notes: 
Unit summary

Having completed this unit, you should be able to:

• Position various vendors in the service delivery model of cloud
  computing
• Provide an example of an IBM cloud architectural configuration
• Describe the IBM cloud computing offerings and services
  - Collaboration: LotusLive, BlueWorks
  - Smart Business Desktop
  - Smart Business Development and Test
  - Smart Analytics Cloud
• Describe IBM tooling options for management and governance: Tivoli
• Describe the IBM Smart Business Development and Test cloud: Jazz for Rational
• Describe cloud computing using IBM WebSphere

Figure 6-40. Unit summary WS009 / VS0091.0
Notes: 
Checkpoint

1. True or false: Tivoli Service Automation Manager integrates with the
   IBM WebSphere CloudBurst Appliance.

2. The IBM Smart Business Development and Test on the IBM cloud is
   an example of what type of cloud?

   A. Private
   B. Shared
   C. Public

Figure 6-41. Checkpoint WS009 / VS0091.0

Notes:


Write your answers here:
1.

Checkpoint answers


1. True or false: Tivoli Service Automation Manager integrates with the 
IBM WebSphere CloudBurst Appliance. 


2. The IBM Smart Business Development and Test on the IBM cloud is 
an example of what type of cloud? 


A. Private 

B. Shared 

C. Public 

Answer: C 
Figure 6-42. Checkpoint answers WS009 / VS0091.0
Notes: 
Checkpoint (optional)

1. Where do collaboration tools and analytics services fit into the
   cloud?
2. Where does WebSphere fit into the cloud?
3. What are some examples of Rational products that may be used in
   a cloud environment?

Figure 6-43. Checkpoint (optional) WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Instructor notes:
Purpose — Discuss these additional checkpoint questions to verify understanding. 


Details — These questions can be any format including open ended questions to start 
class discussions. 


Additional information — 


Transition statement — 
WebSphere Education
Checkpoint (optional) answers


1. Software as a service (SaaS)
2. Platform as a service (PaaS), or shared middleware services
3. Jazz, IBM Rational Team Concert, Rational Quality Manager,
   Rational Requirements Composer, Rational Asset Manager,
   Rational Insight, and others.

Figure 6-44. Checkpoint (optional) answers WS009 / VS0091.0
Notes: 
Instructor notes:
Purpose — 

Details — 

Additional information — 


Transition statement — 
Demonstration

Instance creation on the IBM Smart Business Development and Test Cloud

Figure 6-45. Demonstration WS009 / VS0091.0


Notes:
Instructor notes:


Purpose — Introduce the exercise. 


Details — This slide provides an introduction to an exercise (such as a hands-on lab
exercise, or team exercise).


Additional information — 


Transition statement — 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to create an instance on the IBM Smart Business
  Development and Test Cloud

Figure 6-46. Demonstration objectives WS009 / VS0091.0
Notes: 
Instructor notes:

Purpose — List the exercise objectives. 
Details — 

Additional information — 


Transition statement — 


© Copyright IBM Corp. 2010 Unit 6. IBM cloud computing architecture and offerings 6-109 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Instructor Guide 


Demonstration

Connecting to an instance on the IBM Smart Business Development and Test Cloud

Figure 6-47. Demonstration WS009 / VS0091.0


Notes:
Instructor notes:


Purpose — Introduce the exercise. 


Details — This slide provides an introduction to an exercise (such as a hands-on lab
exercise, or team exercise).


Additional information — 


Transition statement — 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to connect to an instance on the IBM Smart Business
  Development and Test Cloud

Figure 6-48. Demonstration objectives WS009 / VS0091.0
Notes: 
Instructor notes:

Purpose — List the exercise objectives. 
Details — 

Additional information — 


Transition statement — 
Demonstration

Getting a fixed IP address, storage, and keys on the IBM Smart Business Development
and Test Cloud

Figure 6-49. Demonstration WS009 / VS0091.0

Notes:


Instructor notes: 


Purpose — Introduce the exercise. 


Details — This slide provides an introduction to an exercise (such as a hands-on lab
exercise, or team exercise).


Additional information — 


Transition statement — 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to request storage and manage keys

Figure 6-50. Demonstration objectives WS009 / VS0091.0


Notes: 
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Instructor notes: 

Purpose — List the exercise objectives. 
Details — 

Additional information — 


Transition statement — 
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Unit 7. IBM WebSphere CloudBurst and IBM 
WebSphere Hypervisor edition 


Estimated time 


00:30 


What this unit is about 


This unit provides an overview of IBM WebSphere CloudBurst and IBM
WebSphere Hypervisor edition. These two products can be used to
create and provision cloud-based images.


What you should be able to do 


After completing this unit, you should be able to: 
• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

How you will check your progress

• Checkpoint
• Demonstration exercise


Unit objectives 


After completing this unit, you should be able to: 

• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

Figure 7-1. Unit objectives WS009 / VS0091.0

Instructor notes:

Purpose — List the unit objectives.


What is IBM WebSphere CloudBurst? 


1. An appliance from IBM that includes...
   • Hardware with built-in security and trust authority
   • WebSphere Application Server images
   • WebSphere Application Server patterns

2. ...that manages a private cloud...
   • Hypervisors
   • Storage
   • Network

3. ...comprises WebSphere virtual systems...
   • Customize images and patterns
   • Dispense and run in the cloud
   • Lifecycle management and optimization

Figure 7-2. What is IBM WebSphere CloudBurst? WS009 / VS0091.0


Notes: 


IBM WebSphere CloudBurst appliance includes the hardware, the management 
application, and a set of preinstalled and preconfigured WebSphere Application Server 
virtual images and patterns. All access to the appliance is via supported interfaces, using 
the Web 2.0 user interface, the full command-line interface (CLI), or REST 
(representational state transfer) APIs. 


The appliance supports a “bring your own cloud” model in which hypervisors, network 
capabilities, and storage are provided for use by the appliance. The cloud is where the 
deployed WebSphere applications run; they do not run on the appliance. 


IBM WebSphere CloudBurst appliance provides the tooling to customize the IBM-provided 
images and patterns to create a self-service catalog of your WebSphere applications, and 
the capabilities to dispense WebSphere Application Server virtual systems into the private 
cloud. The appliance includes intelligent placement capabilities that enable the WebSphere 
Application Server patterns to be deployed to the cloud in such a way as to ensure efficient 
cloud resource usage and high availability characteristics. Once the patterns are deployed, 
the appliance provides management and optimization capabilities, including mechanisms
to apply fixes to the environment.

Instructor notes:

Details — This presentation unit covers two cloud-based WebSphere products that are
offered by IBM. These are the IBM WebSphere CloudBurst appliance and the IBM
WebSphere Hypervisor Edition. First, you review what IBM WebSphere CloudBurst is.


Provisioning of WebSphere Application Server instances 


What problems does IBM WebSphere CloudBurst address?

• Provisioning of IBM WebSphere Application Server instances
• Shorten the development and testing life cycles

[Diagram labels: Development, Test/QA, Production]

Figure 7-3. Provisioning of WebSphere Application Server instances WS009 / VS0091.0


Notes: 


The appliance enhances rapid provisioning of IBM WebSphere Application Server 
instances from predefined patterns into a private cloud. The private cloud may contain 
environments for development, test, QA, and production. You can move development 
images directly to and from test as well as migrate test and QA instances to production. A 
distributed WebSphere production environment can be re-created on a single virtualized 
physical system for test purposes. A WebSphere Application Server test environment can 
be reset efficiently. You can save multiple versions and stages of test images. Development 
and test images can be rolled back using virtual machine snapshots. 
Benefits of an appliance


• Consumability
  — Available immediately after installation
  — Build private clouds after installation

• Security
  — Everything stored is encrypted
  — Three secure interfaces

• Performance
  — Advanced compression techniques
  — Advanced storage techniques

Figure 7-4. Benefits of an appliance WS009 / VS0091.0


Notes: 


The appliance affords a great deal of consumability. After connecting the appliance and 
accepting the initial licenses, the WebSphere CloudBurst Appliance console is immediately 
available. No extra installation steps are necessary, and you can immediately begin to build 
out your private WebSphere clouds. 


The WebSphere CloudBurst Appliance, like an IBM WebSphere DataPower SOA 
Appliance, provides a tamper-resistant casing. In addition, WebSphere CloudBurst 
Appliance applies encryption to SSL certificates, passwords, virtual images, applications, 
and everything else that is stored on it. Users interact with WebSphere CloudBurst using 
one of three interfaces: 


• Web 2.0 user interface
• Full command-line interface (CLI)
• REST APIs

There are no other access points (like a command-line shell), thus decreasing the surface
area for malicious attacks.

The WebSphere CloudBurst Appliance serves as a dedicated store for both the shipped
and customized WebSphere Application Server virtual images and patterns. The appliance 
includes advanced compression and storage techniques that enable a significant number 
of these sizeable virtual images to be stored by a user. The appliance also delivers the 
processing power needed to manage these virtual images and enable you to create private 
WebSphere clouds. 


What is WebSphere Application Server Hypervisor Edition? 
Multiple disk design

A. WebSphere profile types precreated on disk
B. WebSphere Application Server binary disk
C. IBM HTTP Server binaries disk
D. Base SUSE Linux Enterprise Server installation disk

[Diagram labels: Logical disks; WebSphere Application Server binaries; IBM HTTP Server binaries; SUSE 10.2]

Figure 7-5. What is WebSphere Application Server Hypervisor Edition? WS009 / VS0091.0


Notes: 


WebSphere Application Server Hypervisor Edition is part of the WebSphere Application 
Server family of products. It is included in the appliance. It contains a preinstalled, 
preconfigured, OS-included binary image of the application server from which virtual 
machines can be created and deployed on hypervisors. 


For each release of WebSphere Application Server Hypervisor Edition V6.1 and V7.0
products, the base image contains the SUSE Linux operating system as well as the IBM HTTP
Server, WebSphere Application Server binaries, and all profiles supported for that specific
release. WebSphere Application Server Hypervisor Edition uses the OVF format, which is an
optimized format to store virtual images.
WebSphere Application Server Hypervisor Edition features


• WebSphere shipped ready to run on hypervisor
• No installation required
  — Just choose a profile and run
• Single virtual image capable of supporting single servers or clusters
• Support for WebSphere Application Server V6.1 and V7
• Support for WebSphere Application Server feature packs
• Maintenance, support, … WebSphere Application … system
• Based on Open Virtualization Format (OVF) standard

[Diagram labels: IBM HTTP Server binaries; Operating system]

Figure 7-6. WebSphere Application Server Hypervisor Edition features WS009 / VS0091.0


Notes: 


Previously, when IBM customers wanted to use WebSphere Application Server in a 
virtualization context, they were required to build their own images, which involved 
managing two parallel sets of code (operating system and middleware). Now IBM is 
building and supporting the entire virtual image. 


WebSphere CloudBurst console 


• Sign on to WebSphere CloudBurst using the administrative console
• Request Application Server Hypervisor editions to be dispensed

[Screenshot: WebSphere CloudBurst console Welcome page, signed in as Administrator]

Welcome to WebSphere CloudBurst!

WebSphere CloudBurst is a hardware appliance that automates and optimizes the deployment of WebSphere Application Server environments.

Deployment made easier

Step 1: Set up the appliance
Customize the appliance settings and create user accounts. You can also create user groups.
Customize settings | Create users

Step 2: Set up the cloud
Create the cloud by identifying IP groups and collections of hypervisors called cloud groups.
Add IP groups | Add cloud groups

Step 3: Create a virtual system
Create a virtual system by deploying a reusable pattern.
Select a pattern to deploy

Step 4: View virtual systems
View the current status, metrics, and details of virtual systems in the cloud.
View virtual systems

Additional tasks

Add virtual images
Provide new virtual images to the catalog by uploading files or extending pre-built images.
Add virtual images

Add script packages
Provide your custom scripts and applications to the catalog.
Add script packages

Create reusable patterns
Create a custom pattern from the items in the catalog.
Create patterns

Use command line tools
Perform administrative and deployment tasks from the command line.
Download now!

Figure 7-7. WebSphere CloudBurst console WS009 / VS0091.0


Notes: 


The user logs onto the WebSphere CloudBurst box, and based on the permissions set for 
that login, is presented with a list of environments, or patterns, as they are called, that can 
be made available in the cloud. These patterns are multiserver arrangements of 
WebSphere Hypervisor Edition. 


Users can create patterns from the WebSphere CloudBurst catalog of WebSphere 
Application Server Hypervisor Edition virtual images that ships with the CloudBurst 
product. 
Dispensing WebSphere Hypervisor edition images


[Diagram labels: IBM WebSphere CloudBurst Appliance; WebSphere Application Server binaries; IBM HTTP Server binaries; Operating system]

Figure 7-8. Dispensing WebSphere Hypervisor edition images WS009 / VS0091.0


Notes: 


An environment or pattern is selected, and CloudBurst then chooses a set of hypervisors 
(based on utilization) in the cloud to dispense the environment into. WebSphere 
CloudBurst then presents the user with a list of the host names that were chosen, and the 
user can access the patterns that have been deployed as virtual systems running in the 
cloud. 
Instructor notes:

Details — The CloudBurst appliance dispenses hardened (tried and tested) WebSphere
patterns into a cloud or pool of virtualized hardware running a supported hypervisor, for
example, VMware ESX or PowerVM.

Additional information — WebSphere CloudBurst does not run WebSphere Application
Server Hypervisor Edition on the appliance itself. Instead, it dispenses WebSphere
Hypervisors into a pool of ESX hypervisors that run on a set of hardware that must be
brought into a table of IP addresses held in CloudBurst. As a corollary, if WebSphere
CloudBurst goes away for any reason, such as a hardware failure, the servers in the cloud
continue running, as WebSphere CloudBurst is not in the critical path.

Catalog


1. Virtual images of WebSphere Application Server Hypervisor Edition
   [Diagram: image parts labelled Job manager, Admin agent, Single server, Custom, and IBM HTTP, grouped under V7.0.0.7 profiles and V6.1.0.27 profiles]

2. Script packages: user supplied script packages
   • wsadmin or other scripts
   • Java EE applications

3. Emergency fixes

Figure 7-9. Catalog WS009 / VS0091.0


Notes: 


1. Provided with the appliance is a catalog of virtual images of WebSphere Application 
Server Hypervisor Edition V7.0 and V6.1. The catalog of virtual images contains all 
profiles related to those versions of the application server, as shown in the graphic. 


2. In addition, users can supply their own script packages. These script packages can 
contain script package files (wsadmin scripts or other OS executables), along with any 
Java EE applications or other artifacts. The user associates the scripts to a given 
deployment. At deployment time, the script is extracted and the executable specified in 
the package is executed on the virtual machine. Through this mechanism, the user can 
customize the WebSphere Application Server configuration on the virtual machine. 


Examples of custom scripts can include installing a Java EE application, or configuring 
a JDBC connection. 


3. A list of emergency fixes is also included in the catalog. 
Patterns

• Pattern is one or more virtual image parts and script packages selected from the
  catalog used to create a deployment topology
• Example illustrates a V7.0 clustered topology

[Diagram labels: catalog parts under V7.0.0.7 profiles and V6.1.0.27 profiles, script packages, and a pattern built from them]

Figure 7-10. Patterns WS009 / VS0091.0


Notes: 


Using the catalog of WebSphere Application Server Hypervisor Edition virtual images and
script packages, users can create patterns that can be deployed as virtual systems to the
private cloud. Patterns are like templates that can be used to deploy virtual systems on the
cloud. The pattern can be as simple as a single-server topology where a single server virtual
image from the catalog for a given version is used to create a pattern.


As shown in this example, the pattern is for a WebSphere Application Server V7.0 network 
deployment cell. From the catalog, a deployment manager, two custom nodes, and IBM 
HTTP Server were added to a pattern. At a later time, the pattern could be deployed as a 
virtual system to the private cloud. Each virtual image in the pattern is deployed as its own 
virtual machine into the private cloud. 
Virtual systems: Deployed patterns

• Virtual systems are patterns that have been deployed to the cloud

[Diagram labels: Catalog (1. Virtual images of WebSphere Application Server Hypervisor Edition; 2. User supplied script packages); Pattern (Preloaded, Added, Cloned); Virtualize; Deploy; Virtual system]

Figure 7-11. Virtual systems: Deployed patterns WS009 / VS0091.0


Notes: 


There are a number of tasks that must be performed before a pattern is deployed as a 
virtual system to the private cloud. The user first must determine which virtual images in the 
catalog are suitable for the situation at hand. Next, the user creates script packages. Script
packages customize the deployment of the pattern to the cloud. The virtual image and 
script package combine to make a pattern. Users can work with preloaded patterns, add 
their own, or clone preloaded patterns. Once a pattern is finalized, it is deployed (or 
dispensed) to a hypervisor in the private cloud. A deployed pattern is called a virtual 
system. A virtual system is made up of one to many virtual machines that run on the 
hypervisor. 


Virtual image life cycle


[Diagram: WebSphere Application Server Hypervisor Edition: Develop virtual image, Package virtual image as OVF. WebSphere CloudBurst appliance: Deploy OVF to hypervisor, Manage virtual image, Retire virtual image]

Figure 7-12. Virtual image life cycle WS009 / VS0091.0


Notes: 


WebSphere Application Server Hypervisor and WebSphere CloudBurst appliance 
introduce a new life cycle to consider. Virtual images are developed and packaged using 
Hypervisor Edition. Those images are deployed, managed, and retired by the CloudBurst 
appliance. 
Unit summary

Having completed this unit, you should be able to:
• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

Figure 7-13. Unit summary WS009 / VS0091.0

Purpose — Summarize the learning points in the unit.


Details — This can either be a repeat of the unit objectives or another form of summary of 
the learning points. 


Checkpoint


1. True or false: IBM WebSphere CloudBurst runs WebSphere 
Hypervisor edition virtual machines on the appliance. 


2. True or false: A distributed WebSphere production environment 
can be recreated on a single virtualized physical system for test 
purposes. 
Figure 7-14. Checkpoint (objective only) WS009 / VS0091.0

Checkpoint answers


1. True or false: IBM WebSphere CloudBurst runs WebSphere 
Hypervisor edition virtual machines on the appliance. 
Correct answer: False. 
WebSphere CloudBurst dispenses the WebSphere Hypervisor 
edition into a pool of ESX hypervisors that run on a set of hardware 
devices that must be held in a table on the appliance. 


2. True or false: A distributed WebSphere production environment
can be recreated on a single virtualized physical system for test
purposes.
Correct answer: True.
Demonstration

Showing WebSphere CloudBurst

Figure 7-16. Demonstration WS009 / VS0091.0


Instructor notes: 
Purpose — Provide instructions for performing the exercise (optional). 


Details — This slide provides exercise instructions that are not in the student exercise 
guide. The CloudBurst demonstration uses an MP4 Player, and you should suggest that 
the students run this using the Firefox browser. 


Additional information — As a backup, you may direct students to the YouTube video
found at http://www.youtube.com/watch?v=udh4d0TIxXGlLé&feature=related

Demonstration objectives


After completing this demonstration, you should be able to: 


• Describe the capabilities and function of the IBM WebSphere
  CloudBurst appliance

Instructor notes:

Purpose — List the exercise objectives.

Demonstration instructions


1. If you have not already done so, extract Cloud_demos.zip to
   your hard drive, ensuring that you select Use folder names when
   extracting the file
2. Navigate to \Cloud_demos; then double-click simulations.html
   to start the demonstrations
3. Select Demonstration: Showing WebSphere CloudBurst to start
   the demonstration
4. Select Final Exercise: Cloud crossword (requires Java browser
   plug-in) to run the puzzle
5. Follow the instructions provided

Unit 8. Course summary


Estimated time 


00:10 


What this unit is about 


This unit provides a short summary of the course. 


What you should be able to do 


After completing this unit, you should be able to: 
• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study

Unit objectives

After completing this unit, you should be able to:

• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study


Course learning objectives (1 of 2) 


Having completed this course, you should be able to: 


• Define cloud computing
• Identify the key characteristics of cloud computing
• List the benefits of using clouds
• Describe some of the challenges to adopting a cloud architecture
• Describe key cloud computing concepts and terminology
• Describe the service delivery models in cloud computing
  — Identify the software as a service (SaaS) delivery model
  — Identify the platform as a service (PaaS) delivery model
  — Identify the infrastructure as a service (IaaS) delivery model
• List the various cloud deployment scenarios
  — Describe the features of private, public, hybrid, and community clouds
  — List some additional cloud deployment types
  — Select the most appropriate deployment model based on a set of business and
    technical requirements

Course learning objectives (2 of 2)


Having completed this course, you should be able to:

• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing
• Identify security options available in cloud computing
• Recognize the top security threats to cloud computing
• Describe the architecture of IBM cloud computing and IBM cloud
  computing offerings
  — Position the various vendors in the service delivery model of cloud computing
  — Illustrate an IBM example cloud architectural configuration
  — Describe some of the IBM cloud offerings
• Describe the capabilities of WebSphere CloudBurst and WebSphere
  Hypervisor edition

Class evaluation


• Your comments about this class are very useful to WebSphere
  Education
• Feedback on the site, curriculum, and instructor tells WebSphere
  Education what was good about the class and what can be improved
• Take the time to fill out the course evaluation on the IBM Training
  website, and receive your certificate for the course
  osart.atlanta.ibm.com
  — Course code: VS009 or WS009
  — Class number:

Notes:


Check the course code and class number with your instructor. 
To learn more on this subject


• WebSphere Education website:
  — www.ibm.com/websphere/education
• Training paths:
  — www.ibm.com/software/websphere/education/paths/
  — Identify the next courses in this sequence
• Resource Guide
  — Contains information on many useful sources of information
  — Many of these sources are free
  — See handout in your class materials, or download a copy
    www.ibm.com/developerworks/wikis/display/WEinstructors/WebSphere+Resource+Guide
• Email address for more information:
  — websphere_skills@us.ibm.com
• Education CD and documents in your class materials

References


• developerWorks Cloud community:
  — https://www.ibm.com/developerworks/mydeveloperworks/groups/service/html1/communityview?communityUuid=c2028fdc-41fe-4493-8257-33a59069fa04&EsuccessMessage=label.action.confirm.community.join
• IBM Cloud Community:
  — https://www.ibm.com/communities/service/html1/communityview?communityUuid=fa3a3fd5-6d7b-48b9-b13b-ba25f3325dda
• Cloud Security Alliance:
  — www.cloudsecurityalliance.org
• IBM Test Cloud:
  — http://www.ibm.com/developerworks/cloud/devtest.html
• Cloud Computing for Dummies, J. Hurwitz, ISBN 978-0-470-484-8
• IBM Test Preparation, Cloud Computing, A Primer, Part I & II:
  — http://www.ibm.com/certify/tests/edu032.shtml

Figure 8-6. References

Unit summary


Having completed this unit, you should be able to: 

• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study

List of abbreviations and acronyms


authentication, authorization, and auditing
Automatic Data Processing, Inc.
Advanced Encryption Standard
Amazon Machine Image
application programming interface
application service provider

business support system
bring your own license entitlement

Change and Configuration Management Database
compact disc
command-line interface
central processing unit
customer relationship management

Data Encryption Standard
Digital Signature Algorithm
developer use only

Elastic Compute Cloud
EE Enterprise Edition
Enterprise JavaBean
ERP enterprise resource planning

gigabyte
graphical user interface

host-based intrusion protection systems
human resources
Hypertext Transfer Protocol

infrastructure as a service
International Business Machines Corporation
integrated development environment
International Data Encryption Algorithm
input/output
infrastructure provider
Internet Protocol
intrusion prevention system
independent service provider
Internet service provider
information technology
Integrated Test Enablement
integrated test environment
IBM Tivoli Usage and Accounting Manager
J
JDBC Java Database Connectivity

K
KVM kernel-based virtual machine

L
LAN local area network
LPAR logical partition

M
MQ Message Queue

N
NIDS network intrusion-detection system
NIPS network-based intrusion protection system
NIST National Institute of Standards and Technology

O
OS operating system
OSS operation supporting system
OVF Open Virtualization Format

P
PaaS platform as a service
PAYG pay-as-you-go
PC personal computer

Q
QA quality assurance

R
REST Representational State Transfer
RSA Rivest, Shamir and Adleman

S
SaaS software as a service
SLA service level agreement
SMB small and medium business
SOA service-oriented architecture
SOAP usage note: SOAP is not an acronym; it is a word in itself (formerly an acronym for Simple Object Access Protocol)
SOX Sarbanes-Oxley
SP service provider
SSL Secure Sockets Layer

T
TSAM Tivoli Service Automation Manager

U
UI user interface
URL Uniform Resource Locator

V
VDI virtual desktop infrastructure
VLAN virtual local area network
VM virtual machine
VMM virtual machine monitor
VNPL virtualized non-production lab
VPC virtual private cloud
VPN virtual private network

X
XML Extensible Markup Language
XSL Extensible Stylesheet Language